Commit Graph

6882 Commits

Author SHA1 Message Date
Emmanuel Fleury
6e3d30a105 Fix signedness warnings in gio/gcredentials.c
gio/gcredentials.c: In function ‘linux_ucred_check_valid’:
gio/gcredentials.c:317:22: error: comparison of integer expressions of different signedness: ‘uid_t’ {aka ‘unsigned int’} and ‘int’
  317 |       || native->uid == -1
      |                      ^~
gio/gcredentials.c:318:22: error: comparison of integer expressions of different signedness: ‘gid_t’ {aka ‘unsigned int’} and ‘int’
  318 |       || native->gid == -1)
      |                      ^~

gio/gcredentials.c: In function ‘g_credentials_set_unix_user’:
gio/gcredentials.c:639:29: error: comparison of integer expressions of different signedness: ‘uid_t’ {aka ‘unsigned int’} and ‘int’
  639 |   g_return_val_if_fail (uid != -1, FALSE);
      |                             ^~
2021-01-11 20:45:27 +01:00
Krzesimir Nowak
a2525129a7 tests: Update the expected count in file test
We added another desktop file, so update the file count.
2021-01-09 16:00:50 +01:00
Krzesimir Nowak
cdf0a50c69 gdesktopappinfo: Fix validation of XDG_CURRENT_DESKTOP
Split out XDG_CURRENT_DESKTOP handling to a separate function and make
sure that it drops all the invalid entries properly. Earlier a bad
entry could slip through the checks by sitting just after another bad
entry, like in env being set to `invalid1!:invalid2!`, where
`invalid2!` could slip the checks.
2021-01-09 15:39:09 +01:00
Philip Withnall
46097e9b8e Merge branch 'wip/baedert/gparam' into 'master'
glocalfile: Fix an uninitialized variable

See merge request GNOME/glib!1860
2021-01-08 14:07:57 +00:00
crvi
e789e50f12 docs: update g_action_group_activate_action() remote activation semantics
Refer https://gitlab.gnome.org/GNOME/glib/-/issues/2284
2021-01-08 11:07:16 +00:00
Philip Withnall
d90d914fc5 tests: Add more debug information to gdbus-connection-slow
It occasionally fails in CI with output like:
```
196/274 glib:gio / gdbus-connection-slow        FAIL     0.54 s (killed by signal 6 SIGABRT)

--- command ---
G_TEST_BUILDDIR='/builds/pwithnall/glib/_build/gio/tests' G_TEST_SRCDIR='/builds/pwithnall/glib/gio/tests' GIO_MODULE_DIR='' /builds/pwithnall/glib/_build/gio/tests/gdbus-connection-slow
--- stdout ---
\# random seed: R02S4eb186e89e2472eedd11538b37192543
1..2
\# Start of gdbus tests
\# Start of connection tests
Bail out! GLib-GIO:ERROR:../gio/tests/gdbus-connection-slow.c:98:test_connection_flush: assertion failed (error == NULL): Child process killed by signal 11 (g-exec-error-quark, 19)
--- stderr ---
**
GLib-GIO:ERROR:../gio/tests/gdbus-connection-slow.c:98:test_connection_flush: assertion failed (error == NULL): Child process killed by signal 11 (g-exec-error-quark, 19)
cleaning up pid 12991
```

which is not very helpful. Add some more debug output to print the
stdout and stderr of the child process, to hopefully give an insight
into why it’s dying with signal 11 (sigsegv).

I can’t reproduce the sigsegv locally.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-01-07 17:55:21 +00:00
Philip Withnall
793f824a2e gsettingsschema: Ignore GSETTINGS_SCHEMA_DIR when running setuid
As with previous commits, this could have been used to load private data
for an unprivileged caller.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2168
2021-01-07 15:02:25 +00:00
Philip Withnall
e2b5094cdb gresource: Ignore G_RESOURCE_OVERLAYS when running as setuid
It could have been used to load private data which would not normally be
accessible to an unprivileged caller.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2168
2021-01-07 15:02:25 +00:00
Philip Withnall
45d01e5aa9 gdesktopappinfo: Validate XDG_CURRENT_DESKTOP before using it
Its components are used to build filenames, so if the value of
`XDG_CURRENT_DESKTOP` comes from an untrusted caller (as can happen in
setuid programs), using it unvalidated may be unsafe.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2168
2021-01-07 15:02:25 +00:00
Philip Withnall
dba585d020 gdbusaddress: Ignore D-Bus addresses from the environment when setuid
As with the previous commit, it’s unsafe to trust the environment when
running as setuid, as it comes from an untrusted caller. In particular,
with D-Bus, the caller could set up a fake ‘system’ bus which fed
incorrect data to this process.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2168
2021-01-07 15:02:25 +00:00
Philip Withnall
ba414ee100 giomodule: Ignore GIO_MODULE_DIR when running as setuid
Even if the modules in the given directory never get chosen to be used,
loading arbitrary code from a user-provided directory is not safe when
running as setuid, as the process’ environment comes from an untrusted
source.

Also ignore `GIO_EXTRA_MODULES`.

Spotted by Simon McVittie.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2168
2021-01-07 15:02:24 +00:00
Sebastian Dröge
65271eb93d Merge branch 'fix/default-windows-socket-udp-behavior' into 'master'
gsocket: Improve default UDP behavior on Windows

See merge request GNOME/glib!1844
2021-01-07 14:09:19 +00:00
Frederic Martinsons
16dfd2033f Annotate function parameters with G_GNUC_UNUSED when necessary
(Tweaked by Philip Withnall to reformat code with `black`)

Closes #1105

Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
2021-01-06 18:35:17 +00:00
Timm Bäder
c983ded09f glocalfile: Fix an uninitialized variable
Clang says:

../gio/glocalfile.c:2090:11: warning: variable 'success' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
      if (trashdir == NULL)
          ^~~~~~~~~~~~~~~~
../gio/glocalfile.c:2133:12: note: uninitialized use occurs here
      if (!success)
           ^~~~~~~
../gio/glocalfile.c:2090:7: note: remove the 'if' if its condition is always true
      if (trashdir == NULL)
      ^~~~~~~~~~~~~~~~~~~~~
../gio/glocalfile.c:2041:23: note: initialize the variable 'success' to silence this warning
      gboolean success;
                      ^
                       = 0

So just do that.
2021-01-06 17:36:32 +01:00
Sebastian Dröge
587b46fec3 Merge branch 'sophie-h-master-patch-90719' into 'master'
Add nullable annotation for g_file_get_uri_scheme

See merge request GNOME/glib!1840
2021-01-06 08:55:47 +00:00
Sophie Herold
b3740ac5b0 Add nullable annotation for g_file_get_uri_scheme 2021-01-06 08:55:47 +00:00
Sebastian Dröge
b777b4caaa Merge branch 'fix/socket-use-after-close' into 'master'
gsocket: Fix use-after-close

See merge request GNOME/glib!1845
2021-01-06 08:42:01 +00:00
Sebastian Dröge
609d1e292f Merge branch 'fix/android-system-checks' into 'master'
build: Fix Android system checks

See merge request GNOME/glib!1856
2021-01-06 08:34:52 +00:00
Ole André Vadla Ravnås
ea0c4bf045 build: Fix inconsistent Android host system checks
To match the value in the Meson reference table for "Operating system
names", and our checks elsewhere.
2021-01-06 01:12:31 +01:00
Ole André Vadla Ravnås
0ab51f8d4e gwin32: Always use unicode APIs
Instead of the legacy ANSI ones. This also means GLib behaves correctly
when built with unicode preprocessor defines.
2021-01-05 21:42:59 +01:00
Ole André Vadla Ravnås
17c53b5f16 gsocket: Don't call WSAEnumNetworkEvents if socket is closed
Makes Application Verifier happy.
2021-01-05 21:20:38 +01:00
Ole André Vadla Ravnås
d01588f37e gsocket: Don't bother updating select mask if socket is closed 2021-01-05 21:20:34 +01:00
Pascal Buhler
9cd134d9fb gsocket: Improve default UDP behavior on Windows
An ICMP port unreachable will result in a socket error, which is a
really bad default for UDP sockets.
2021-01-05 21:08:15 +01:00
Philip Withnall
01b77666bc Merge branch '2275-gio-script-local' into 'master'
completion: Declare variables as local in gio completion script

Closes #2275

See merge request GNOME/glib!1839
2021-01-05 16:27:44 +00:00
Philip Withnall
2ca4d865b2 completion: Declare variables as local in gio completion script
Most variables were, but a few were not declared as local, and hence
leaked into the calling environment every time someone tab-completed the
`gio` command.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2275
2021-01-05 16:14:16 +00:00
Sebastian Dröge
d752d3be3b Merge branch 'update-gvdb' into 'master'
Update gvdb

See merge request GNOME/glib!1834
2021-01-05 10:37:57 +00:00
Sebastian Dröge
87e8eb67c3 Merge branch '1283-trash-wording' into 'master'
glocalfile: Improve wording for error messages about trash directories

Closes #1283

See merge request GNOME/glib!1825
2021-01-04 15:07:31 +00:00
Philip Withnall
7f2af262bf glocalfile: Improve wording for error messages about trash directories
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1283
2021-01-04 14:43:54 +00:00
Philip Withnall
9716a26ab6 Merge branch '1281-to-pixdata-docs' into 'master'
gresource: Document the `to-pixdata` option as being deprecated

Closes #1281

See merge request GNOME/glib!1826
2021-01-04 12:58:42 +00:00
Philip Withnall
0c85348efc Merge branch 'appinfo-shellany-uwplaunch' into 'master'
GWin32AppInfo: support getting info about UWP apps and launching them

Closes #1991

See merge request GNOME/glib!1772
2021-01-04 12:55:58 +00:00
Ole André Vadla Ravnås
9ac3a27f03 gsocket: Fix credentials error-handling on Apple OSes
- When querying a TCP socket, getsockopt() may succeed but the resulting
  `optlen` will be zero. This means we'd previously be reading
  uninitialized stack memory in such cases.
- After a file-descriptor has gone through FD-passing, getsockopt() may
  fail with EINVAL. At least this is the case with TCP sockets.
- While at it also use SOL_LOCAL instead of hard-coding its value.
2021-01-04 12:29:47 +00:00
Philip Withnall
0d3473d3bb Merge remote-tracking branch 'gvdb/master' into update-gvdb
This is the result of `git merge gvdb/master`.
2021-01-04 11:38:54 +00:00
Timm Bäder
fe441c8ca5 giomodule: Don't allocate GHashTable for no entries
This seems to happen in 3 out of 4 cases when calling gtk_init(), so
avoid allocating the GHashTable in that case.
2020-12-31 14:58:40 +01:00
Timm Bäder
105e44beb5 gresource: Avoid work for NULL errors
Don't go through gettext if the GError** passed is NULL anyway.
2020-12-31 14:58:40 +01:00
Marco Mastropaolo
43b13d7a1a Windows: fix FD_READ condition flag still set on recoverable UDP socket errors.
Contrary to what the WSARecvFrom seem to imply, a UDP socket is perfectly recoverable and usable after a WSAECONNRESET error (and, I assume, WSAENETRESET).
However GSocket condition has the FD_READ bit set after a UDP socket fails with WSAECONNRESET, even if no data is available on the socket anymore; this causes select calls to report the socket as readable when, in fact, it's not.

The change resets FD_READ flag on a socket upon the above error conditions; there's no 'if' to filter between datagram and stream sockets as the change should be harmless in the case of stream sockets which are, however, very unlikely to be usable after a WSAECONNRESET.
2020-12-24 09:08:40 +00:00
Руслан Ижбулатов
c816d074c3 GWin32AppInfo: fix a leak 2020-12-23 01:47:01 +00:00
Руслан Ижбулатов
d33c3747dc GWin32AppInfo: invert verb comparison function
The list is sorted in ascending order, which means that to put
verbs alphabetically we need to sort ealier verbs with -1. Same for
the "open" verb and the preferred verb (if any).
2020-12-23 01:46:33 +00:00
Руслан Ижбулатов
48d96b21f9 GWin32AppInfo: enforce chosen handler on UWP apps, use URI verbs
* UWP apps that have low registry footprint might end up with chosen_handler == NULL.
Ensure that this doesn't happen.
* UWP apps don't need verbs for URIs, but we do need verbs to have a link to an app
(since handlers don't contain app fields). Work around this by adding an "open" verb
to each UWP URI handler.
* Duplicate the code that inserts extension handler verbs into the app to also insert
URI handler verbs. This allows URI-only apps to be used correctly later on (otherwise
GLib errors out, saying that the app has no verbs).
2020-12-23 01:46:11 +00:00
Руслан Ижбулатов
a2f823113c GWin32AppInfo: read UWP handler metadata (indirect strings)
Have to use of SHLoadIndirectString() from shell32.dll for this, no
way around that.
2020-12-23 01:46:10 +00:00
Руслан Ижбулатов
a2c287bf9f GWin32AppInfo: be less picky about names
Use pretty name as the result of _name(), if available. This is
more in line with what .desktop files return. Canonical name
may be completely unintelligible.
2020-12-23 01:45:20 +00:00
Руслан Ижбулатов
e7a738711b GWin32AppInfo: be more permissive about verbs in capable apps
MSDN doesn't say much on this subject, but i've seen apps in the wild
that have the "shell" subkey with verbs *either* in the root app key *or*
in the "Capabilities" subkey of the root key. Accommodate either case by trying both
(root key gets a priority, since this is how MS Address Book is registered -
assume that MS knows how to do this the right way).
2020-12-23 01:44:47 +00:00
Руслан Ижбулатов
10def41dc5 GWin32AppInfo: simplify appinfo wait condition 2020-12-23 01:44:34 +00:00
Руслан Ижбулатов
4c3a61e221 GWin32AppInfo: use g_new() instead of g_malloc() 2020-12-23 01:43:39 +00:00
Руслан Ижбулатов
f28b75e9ff GWin32AppInfo: Support launching UWP applications 2020-12-23 01:43:38 +00:00
Руслан Ижбулатов
0ea2f34723 GWin32AppInfo: more checks for UWP apps
UWP apps have no exectuables or commandlines. Check for that.
2020-12-23 01:43:38 +00:00
Руслан Ижбулатов
720b51032c GWin32AppInfo: Support getting information about UWP apps 2020-12-23 01:43:38 +00:00
Руслан Ижбулатов
e9b09911f6 gio: Add g_win32_package_parser_enum_packages()
This function enumerates all user-accessible UWP packages
and calls the user-provided callback for each package.

This can be used to make GLib aware of the UWP applications
installed in the system.

The function works by using IPackageManager/IPackage UWP interfaces
and XmlLite COM library to parse package manifests.

The function requires COM, and initializes it to a single-thread
appartment model. To ensure this doesn't break anything, either
only use it in a separate thread (COM is initialized on a per-thread
basis), or make sure that the main thread also uses the same COM
model (it's OK to initialize COM multiple times, as long as the same
model is used and as long as init/uninit calls are paired correctly).
2020-12-23 01:43:38 +00:00
Руслан Ижбулатов
2773c06bd4 gio: Add private headers with missing UWP/COM types
MinGW-w64 lacks the appropriate headers, so we have to add them
here. Note that these only have the C versions (normally these
things come in both C and C++ flavours), since that's what we use.

Also note that some of the functions that we don't use (but must
describe to maintain binary compatibility) were altered to use
IUnknown (basically, an untyped pointer) instead of the appropriate
object types, as adding these types would require other types,
which would pull even more types, forcing us to drag half of the
UWP headers in here. By replacing unused types with IUnknown we
can trim a lot of branches from the dependency graph.
2020-12-23 01:35:51 +00:00
Руслан Ижбулатов
895fc2eff2 gio: add GWin32FileSyncStream
This is a COM object that implements IStream by using a HANDLE
and WinAPI file functions to access the file (only a file; pipes
are not supported). Only supports synchronous access (this is
a feature - the APIs that read from this stream internally will
never return the COM equivalent of EWOULDBLOCK, which greatly
simplifies their use).
2020-12-23 01:35:39 +00:00
Руслан Ижбулатов
fdfa9236a2 GWin32AppInfo: Store UWP AppUserModelId for a handler
Could be used later on to launch UWP apps.

UWP apps need verbs, but we don't have any code to get UWP app
info yet.
2020-12-23 01:33:28 +00:00
Philip Withnall
b63e9889a8 gresource: Document the to-pixdata option as being deprecated
Just embed a PNG instead. gdk-pixbuf deprecated its pixdata support in
version 2.32, in 2015.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1281
2020-12-22 18:42:05 +00:00
Philip Withnall
8cec87ff46 glocalfile: Clarify an error message slightly
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-22 18:22:37 +00:00
Emmanuel Fleury
e90a79139f Fix signedness warnings in gio/gcredentials.c:g_credentials_to_string()
gio/gcredentials.c: In function ‘g_credentials_to_string’:
gio/gcredentials.c:238:31: error: comparison of integer expressions of different signedness: ‘uid_t’ {aka ‘unsigned int’} and ‘int’
  238 |   if (credentials->native.uid != -1)
      |                               ^~
gio/gcredentials.c:240:31: error: comparison of integer expressions of different signedness: ‘gid_t’ {aka ‘unsigned int’} and ‘int’
  240 |   if (credentials->native.gid != -1)
      |                               ^~
2020-12-18 12:26:38 +01:00
Emmanuel Fleury
477d53b2b0 Fix signedness warning in gio/gbufferedoutputstream.c:g_buffered_output_stream_set_buffer_size()
gio/gbufferedoutputstream.c: In function ‘g_buffered_output_stream_set_buffer_size’:
glib/gmacros.h:806:26: error: comparison of integer expressions of different signedness: ‘gsize’ {aka ‘long unsigned int’} and ‘goffset’ {aka ‘long int’}
  806 | #define MAX(a, b)  (((a) > (b)) ? (a) : (b))
      |                          ^
gio/gbufferedoutputstream.c:211:14: note: in expansion of macro ‘MAX’
  211 |       size = MAX (size, priv->pos);
      |              ^~~

Fix signedness warning in gio/gbufferedinputstream.c:g_buffered_input_stream_real_fill()

gio/gbufferedinputstream.c: In function ‘g_buffered_input_stream_real_fill’:
glib/gmacros.h:809:26: error: comparison of integer expressions of different signedness: ‘gssize’ {aka ‘long int’} and ‘gsize’ {aka ‘long unsigned int’}K [-Werror=sign-compare]
  809 | #define MIN(a, b)  (((a) < (b)) ? (a) : (b))
      |                          ^
gio/gbufferedinputstream.c:664:11: note: in expansion of macro ‘MIN’
  664 |   count = MIN (count, priv->len - in_buffer);
      |           ^~~
gio/gbufferedinputstream.c:667:29: error: comparison of integer expressions of different signedness: ‘gsize’ {aka ‘long unsigned int’} and ‘gssize’ {aka ‘long int’}
  667 |   if (priv->len - priv->end < count)
      |                             ^

Fix signedness warnings in gio/gbufferedinputstream.c:g_buffered_input_stream_real_fill_async()

gio/gbufferedinputstream.c: In function ‘g_buffered_input_stream_real_fill_async’:
glib/gmacros.h:809:26: error: comparison of integer expressions of different signedness: ‘gssize’ {aka ‘long int’} and ‘gsize’ {aka ‘long unsigned int’}
  809 | #define MIN(a, b)  (((a) < (b)) ? (a) : (b))
      |                          ^
gio/gbufferedinputstream.c:1075:11: note: in expansion of macro ‘MIN’
 1075 |   count = MIN (count, priv->len - in_buffer);
      |           ^~~
gio/gbufferedinputstream.c:1078:29: error: comparison of integer expressions of different signedness: ‘gsize’ {aka ‘long unsigned int’} and ‘gssize’ {aka ‘long int’}
 1078 |   if (priv->len - priv->end < count)
      |                             ^
2020-12-18 12:26:26 +01:00
Emmanuel Fleury
50c85523a2 Fix signedness warning in gio/gfileattribute.c:escape_byte_string()
gio/gfileattribute.c: In function ‘escape_byte_string’:
gio/gfileattribute.c:286:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’}
  286 |   for (i = 0; i < len; i++)
      |                 ^
gio/gfileattribute.c:299:21: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’}
  299 |       for (i = 0; i < len; i++)
      |                     ^
2020-12-18 12:26:26 +01:00
Emmanuel Fleury
c150e46bf0 Fix signedness warning in gio/gicon.c:g_icon_to_string_tokenized()
gio/gicon.c: In function ‘g_icon_to_string_tokenized’:
gio/gicon.c:165:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  165 |   for (i = 0; i < tokens->len; i++)
      |                 ^
2020-12-18 12:26:26 +01:00
Emmanuel Fleury
dd995ca54b Fix signedness warning in gio/gfileinfo.c:g_file_info_remove_attribute()
gio/gfileinfo.c: In function ‘g_file_info_remove_attribute’:
gio/gfileinfo.c:706:9: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  706 |   if (i < info->attributes->len &&
      |         ^

Fix signedness warning in gio/gfileinfo.c:g_file_info_create_value()

gio/gfileinfo.c: In function ‘g_file_info_create_value’:
gio/gfileinfo.c:1084:9: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
 1084 |   if (i < info->attributes->len &&
      |         ^

Fix signedness warning in gio/gfileinfo.c:matcher_matches_id()

gio/gfileinfo.c: In function ‘matcher_matches_id’:
gio/gfileinfo.c:2624:21: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
 2624 |       for (i = 0; i < matcher->sub_matchers->len; i++)
      |                     ^

Fix signedness warnings in gio/gfileinfo.c:g_file_attribute_matcher_enumerate_namespace()

gio/gfileinfo.c: In function ‘g_file_attribute_matcher_enumerate_namespace’:
gio/gfileinfo.c:2713:21: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
 2713 |       for (i = 0; i < matcher->sub_matchers->len; i++)
      |                     ^
gio/gfileinfo.c:2715:27: error: comparison of integer expressions of different signedness: ‘guint32’ {aka ‘unsigned int’} and ‘int’
 2715 |    if (sub_matchers[i].id == ns_id)
      |                           ^~

Fix signedness warning in gio/gfileinfo.c:g_file_attribute_matcher_enumerate_next()

gio/gfileinfo.c: In function ‘g_file_attribute_matcher_enumerate_next’:
../glib.git/gio/gfileinfo.c:2752:13: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’} [-Werror=sign-compare]
 2752 |       if (i < matcher->sub_matchers->len)
      |             ^
2020-12-18 12:25:54 +01:00
Emmanuel Fleury
dd63c0bf32 Fix signedness warning in gio/gfileinfo.c:g_file_info_list_attributes()
gio/gfileinfo.c: In function ‘g_file_info_list_attributes’:
gio/gfileinfo.c:645:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  645 |   for (i = 0; i < info->attributes->len; i++)
      |                 ^
2020-12-17 14:46:17 +01:00
Emmanuel Fleury
aface2b6b2 Fix signedness warning in gio/gfileinfo.c:g_file_info_has_namespace()
gio/gfileinfo.c: In function ‘g_file_info_has_namespace’:
gio/gfileinfo.c:610:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  610 |   for (i = 0; i < info->attributes->len; i++)
      |                 ^
2020-12-17 14:46:17 +01:00
Emmanuel Fleury
a3dd0df5d8 Fix signedness warning in gio/gfileinfo.c:g_file_info_find_value()
gio/gfileinfo.c: In function ‘g_file_info_find_value’:
gio/gfileinfo.c:543:9: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  543 |   if (i < info->attributes->len &&
      |         ^
2020-12-17 14:46:17 +01:00
Emmanuel Fleury
ece9a52d0b Fix signedness warning in gio/gfileinfo.c:g_file_info_clear_status()
gio/gfileinfo.c: In function ‘g_file_info_clear_status’:
gio/gfileinfo.c:499:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  499 |   for (i = 0; i < info->attributes->len; i++)
      |                 ^
2020-12-17 14:46:17 +01:00
Emmanuel Fleury
48d783d1d9 Fix signedness warning in gio/gfileinfo.c:g_file_info_set_attribute_mask()
gio/gfileinfo.c: In function ‘g_file_info_set_attribute_mask’:
gio/gfileinfo.c:453:21: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  453 |       for (i = 0; i < info->attributes->len; i++)
      |                     ^
2020-12-17 14:46:17 +01:00
Emmanuel Fleury
b82146c4b6 Fix signedness warning in gio/gfileinfo.c:g_file_info_copy_into()
gio/gfileinfo.c: In function ‘g_file_info_copy_into’:
gio/gfileinfo.c:385:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  385 |   for (i = 0; i < dest_info->attributes->len; i++)
      |                 ^
2020-12-17 14:46:16 +01:00
Emmanuel Fleury
872763dbf0 Fix signedness warning in gio/gfileinfo.c:g_file_info_finalize()
gio/gfileinfo.c: In function ‘g_file_info_finalize’:
gio/gfileinfo.c:327:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  327 |   for (i = 0; i < info->attributes->len; i++)
      |                 ^
2020-12-17 14:07:19 +01:00
Emmanuel Fleury
f606e3350e Fix signedness warning in gio/gdatainputstream.c:scan_for_chars()
gio/gdatainputstream.c: In function ‘scan_for_chars’:
gio/gdatainputstream.c:879:40: error: comparison of integer expressions of different signedness: ‘int’ and ‘gsize’ {aka ‘long unsigned int’}
  879 |   for (i = 0; checked < available && i < peeked; i++)
      |                                        ^
2020-12-17 14:07:19 +01:00
Emmanuel Fleury
f2b8921df8 Fix signedness warning in gio/gdatainputstream.c:scan_for_newline()
gio/gdatainputstream.c: In function ‘scan_for_newline’:
gio/gdatainputstream.c:654:40: error: comparison of integer expressions of different signedness: ‘int’ and ‘gsize’ {aka ‘long unsigned int’}
  654 |   for (i = 0; checked < available && i < peeked; i++)
      |                                        ^
2020-12-17 14:07:19 +01:00
Emmanuel Fleury
fc8062d906 Fix signedness warning in gio/gliststore.c:
gio/gliststore.c: In function ‘g_list_store_insert’:
gio/gliststore.c:272:30: error: comparison of integer expressions of different signedness: ‘guint’ {aka ‘unsigned int’} and ‘gint’ {aka ‘int’}
  272 |   g_return_if_fail (position <= g_sequence_get_length (store->items));
      |                              ^~
2020-12-17 14:07:19 +01:00
Emmanuel Fleury
3c461d2396 Fix signedness warning in gio/gliststore.c:g_list_store_splice()
gio/gliststore.c: In function ‘g_list_store_splice’:
gio/gliststore.c:482:21: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘guint’ {aka ‘unsigned int’}
  482 |       for (i = 0; i < n_additions; i++)
      |                     ^
2020-12-17 14:07:19 +01:00
Emmanuel Fleury
9025969df6 Fix missing initializer warning in gio/gcancellable.c
gio/gcancellable.c:773:1: error: missing initializer for field ‘closure_marshal’ of ‘GSourceFuncs’ {aka ‘struct _GSourceFuncs’}
  773 | };
      | ^
In file included from glib/giochannel.h:33,
                 from glib/glib.h:54,
                 from gio/gcancellable.c:22:
glib/gmain.h:277:23: note: ‘closure_marshal’ declared here
  277 |   GSourceDummyMarshal closure_marshal; /* Really is of type GClosureMarshal */
      |                       ^~~~~~~~~~~~~~~
2020-12-16 23:59:25 +01:00
Emmanuel Fleury
058dda1b63 Fix missing initializer warning in gio/gcontextspecificgroup.c:g_context_specific_source_new()
gio/gcontextspecificgroup.c: In function ‘g_context_specific_source_new’:
gio/gcontextspecificgroup.c:77:3: error: missing initializer for field ‘closure_callback’ of ‘GSourceFuncs’ {aka ‘struct _GSourceFuncs’}
   77 |   };
      |   ^
In file included from glib/giochannel.h:33,
                 from glib/glib.h:54,
                 from gobject/gbinding.h:28,
                 from glib/glib-object.h:22,
                 from gio/gcontextspecificgroup.h:23,
                 from gio/gcontextspecificgroup.c:22:
glib/gmain.h:276:19: note: ‘closure_callback’ declared here
  276 |   GSourceFunc     closure_callback;
      |                   ^~~~~~~~~~~~~~~~
2020-12-16 23:59:25 +01:00
Emmanuel Fleury
3b02d4641e Fix missing initializer warning in gio/inotify/inotify-kernel.c:ik_source_new()
gio/inotify/inotify-kernel.c: In function ‘ik_source_new’:
gio/inotify/inotify-kernel.c:377:3: error: missing initializer for field ‘finalize’ of ‘GSourceFuncs’ {aka ‘struct _GSourceFuncs’}
  377 |   };
      |   ^
In file included from glib/giochannel.h:33,
                 from glib/glib.h:54,
                 from gio/inotify/inotify-kernel.c:30:
glib/gmain.h:272:14: note: ‘finalize’ declared here
  272 |   void     (*finalize) (GSource    *source); /* Can be NULL */
      |              ^~~~~~~~
2020-12-16 23:26:34 +01:00
Philip Withnall
b207965697 gdbus-codegen: Ignore some flake8 warnings
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-15 09:43:35 +00:00
Philip Withnall
b66ae5a87e gdbuserror: Add missing (transfer) and (nullable) return annotations
This commit only looks at the `Returns:` lines in the documentation, and
has examined all of them in the file. Function arguments have not been
checked.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2227
2020-12-15 09:14:39 +00:00
Philip Withnall
eb8d1c4826 gdbusconnection: Improve documentation formatting slightly
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-15 09:14:20 +00:00
Philip Withnall
06b5e3e54c gdbusconnection: Add missing (transfer) and (nullable) return annotations
This commit only looks at the `Returns:` lines in the documentation, and
has examined all of them in the file. Function arguments have not been
checked.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2227
2020-12-15 09:13:22 +00:00
Philip Withnall
b19782e26b gdbusaddress: Add missing (transfer) and (nullable) return annotations
This commit only looks at the `Returns:` lines in the documentation, and
has examined all of them in the file. Function arguments have not been
checked.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2227
2020-12-15 09:11:50 +00:00
Philip Withnall
f4766f2034 gcredentials: Improve documentation formatting slightly
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-15 09:10:19 +00:00
Philip Withnall
2a76f01698 gcredentials: Add missing (transfer) and (nullable) return annotations
This commit only looks at the `Returns:` lines in the documentation, and
has examined all of them in the file. Function arguments have not been
checked.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2227
2020-12-15 09:09:59 +00:00
oucaijun
f49831ccb4 gfileinfo: Add missing preconditions to g_file_info_get_attribute_data() 2020-12-14 09:41:00 +08:00
Philip Withnall
39f33412db python: Reformat some files to keep style-check-diff happy
The version of `black` on the CI server wanted these changes. Make them
to keep the `style-check-diff` CI job from constantly failing.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-12 18:40:57 +00:00
Philip Withnall
539621d2d3 gapplication: Add postconditions on calls to GApplication.dbus_register
Try and catch programmer errors in third-party implementations of
`dbus_register()`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fixes: #1188
2020-12-11 22:33:13 +00:00
Ondrej Holy
48a84f6434 gio-tool-info: Prevent criticals if mount options are not available
NULL is valid return value for the g_unix_mount_get_options function
because mount options are currently provided only by libmount implementation.
However, the gio tool passes the returned value to the g_strescape function
without checking, which produces the following critical warning:
GLib-CRITICAL **: 13:47:15.294: g_strescape: assertion 'source != NULL' failed

Let's add the missing check to prevent the critical warnings.
2020-12-11 13:18:27 +00:00
Sebastian Dröge
737a853f8d Merge branch 'wip/pwithnall/2119-osx-app-info' into 'master'
Debuggability improvements in gosxappinfo.m

See merge request GNOME/glib!1787
2020-12-09 12:43:20 +00:00
Ondrej Holy
aa1e91e838 Merge branch '2098-add-gio-restore-support' into 'master'
Add restore option for trash gio-tool subcommand

Closes #2098

See merge request GNOME/glib!1778
2020-12-09 12:40:59 +00:00
Ondrej Holy
0458ad893a Merge branch '54-add-gio-launch-command' into 'master'
Add gio launch command to execute desktop file

Closes #54

See merge request GNOME/glib!1779
2020-12-09 12:36:41 +00:00
Philip Withnall
a9fc7e5935 gosxappinfo: Add some more precondition checks
These might help catch the problem in #2119 earlier on, and provide more
information about its root cause.

They should not affect behaviour in normal application usage.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2119
2020-12-09 11:44:37 +00:00
Philip Withnall
2a629b3b4b gosxappinfo: Use strlen() instead of some magic constants
This is equivalent, but makes the code a bit more readable.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-09 11:44:14 +00:00
Philip Withnall
1862a900b1 gosxappinfo: Fix some const-correctness issues
This is technically an API break, as the following assignment may now
raise warnings in user code:
```
gchar *filename = g_osx_app_info_get_filename (app_info);
```

However, from code search it seems like the number of users of that
function is zero.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-09 11:41:38 +00:00
Frederic Martinsons
c3a073e96f Add gio launch command to execute desktop file
This command will try to execute a desktop file, before that
it will load the input as a keyfile for checking its existence
and its validity (as a keyfile).
File arguments are allowed after the desktop file.

Closes #54

Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
2020-12-09 08:15:42 +01:00
Philip Withnall
3a7acd24a9 glocalfile: Add an assertion to help static analysis
Static analysis of the call to `g_dir_new_from_dirp()` is tricky,
because the call is across library boundaries and indirected through a
vfunc map because it’s private to libglib.

Help the static analyser by adding an assertion about the input and
output values for `g_dir_new_from_dirp()`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-08 11:16:43 +00:00
Michael Catanzaro
855a22e165 gtlsdatabase: remove duplicate precondition check
This check is the same as the check on the line above.
2020-12-07 11:11:37 -06:00
Frederic Martinsons
725984fe8e gio-tool-trash: Add --restore subcommand
It search for attribute trash::orig-path and move the input file to it.
Possibly recreating the directory of orignal path and/or overwritting
the destination.

Closes #2098

Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
2020-12-07 17:18:51 +01:00
Frederic Martinsons
105e06cc2e gio-tool-trash: Add --list subcommand
This will print all the files in TrashCan along with their
original location.

Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
2020-12-07 17:15:43 +01:00
Philip Withnall
eba2e7f056 gtestdbus: Retry writes if they fail
It’s unlikely, but shuts up a Coverity warning.

Coverity CID: #1232156

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-03 15:26:03 +00:00
Philip Withnall
24b5d86d4a glocalfile: Check g_stat() return value
There were a couple of places where the return value wasn’t checked, and
hence failure could not be noticed.

Coverity CIDs: #1159435, #1159426

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-03 15:26:03 +00:00
Marc-André Lureau
3f18b77fb3 gio: fix set_selinux_context coding style
Mostly for cosmetic and readability, follow more closely the glib-style.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-12-01 13:20:27 +04:00
Marc-André Lureau
f9cc77da73 gio: remove unnecessary strdup and fix potential leak
setfilecon_raw() takes a const argument since libselinux 2.2 (commit
6a17cfaafc)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-12-01 13:16:44 +04:00
Marc-André Lureau
20e23c701c gio: ‘security_context_t’ is deprecated
From:
9eb9c93275

"we found that the const security_context_t declarations in libselinux
are incorrect; const char * was intended, but const security_context_t
translates to char * const and triggers warnings on passing const char *
from the caller. Easiest fix is to replace them all with const char *."

And later marked deprecated in commit:
7a124ca275

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-12-01 11:39:00 +04:00
Emmanuel Fleury
76426c0158 Rewriting the G_GNUC_NORETURN into G_NORETURN macros everywhere 2020-11-25 11:34:05 +00:00
Philip Withnall
23ad18791d Merge branch 'mcatanzaro/coverity-checked-return' into 'master'
gkeyfilesettingsbackend: improve error-checking

See merge request GNOME/glib!1746
2020-11-24 10:44:59 +00:00
Michael Catanzaro
00e8064137 gkeyfilesettingsbackend: improve error checking
Coverity noticed that we are ignoring return values in a couple places
here. We should print warnings when appropriate.
2020-11-24 10:09:02 +00:00
Philip Withnall
44c4e42151 gfileicon: Fix unused-but-set variable with G_DISABLE_ASSERT
This fixes a warning (which is promoted to an error) in our
`G_DISABLE_ASSERT` CI.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-11-24 09:44:48 +00:00
Sebastian Dröge
fa8a39c6c6 Merge branch 'py-fixes' into 'master'
Python formatting improvements

See merge request GNOME/glib!1757
2020-11-20 18:10:40 +00:00
Philip Withnall
83e48d8ac1 docs: Document not to use volatile qualifiers
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #600
2020-11-20 14:41:07 +00:00
Philip Withnall
7d417f8406 gresource: Fix a pointer mismatch with an atomic load
This squashes a warning when compiling with Clang.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-11-20 14:41:07 +00:00
Philip Withnall
0604f58582 gdbusprivate: Avoid a warning about a statement with no effect
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-11-20 14:40:19 +00:00
Philip Withnall
e4e88688a0 kqueue: Fix unlocked access to shared variable
And drop the `volatile` qualifier because it doesn’t help.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #600
2020-11-20 14:40:19 +00:00
Philip Withnall
74250cd9c9 gio: Drop unnecessary volatile qualifiers from internal variables
These variables were already (correctly) accessed atomically. The
`volatile` qualifier doesn’t help with that.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #600
2020-11-20 14:40:19 +00:00
Philip Withnall
7c7623c4a3 gdbuserror: Drop unnecessary volatile qualifiers from variables
This should introduce no API changes. The
`g_dbus_error_register_error_domain()` function still (incorrectly) has
a `volatile` argument, but dropping that qualifier would be an API
break.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #600
2020-11-20 14:40:19 +00:00
Philip Withnall
3361240439 gdbusconnection: Drop unnecessary volatile qualifiers from variables
This should introduce no API changes; there are public functions
exported by `GDBusConnection` which still have some (incorrectly)
`volatile` arguments, but dropping those qualifiers would be an API
break.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #600
2020-11-20 14:40:19 +00:00
Philip Withnall
f4607def16 tests: Drop unnecessary volatile qualifiers from tests
These variables were already (correctly) accessed atomically. The
`volatile` qualifier doesn’t help with that.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #600
2020-11-20 14:40:19 +00:00
Philip Withnall
7f905ff1fa tests: Fix non-atomic access to some shared variables
And drop the `volatile` qualifier from the variables, as that doesn’t
help with thread safety.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #600
2020-11-20 14:40:19 +00:00
Philip Withnall
fab561f8d0 gobject: Drop use of volatile from get_type() macros
http://isvolatileusefulwiththreads.in/c/

It’s possible that the variables here are only marked as volatile
because they’re arguments to `g_once_*()`. Those arguments will be
modified in a subsequent commit.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #600
2020-11-20 14:40:19 +00:00
Simon McVittie
066e68001e Merge branch '1963-gdbus-test-validity' into 'master'
tests: Improve validity of binary GDBusMessage parsing tests

Closes #1963

See merge request GNOME/glib!1762
2020-11-19 11:26:07 +00:00
Simon McVittie
524696c4e6 Merge branch 'dbus-auth-setuid' into 'master'
gdbusauthmechanismsha1: Don’t create keyring dir when running as setuid

See merge request GNOME/glib!1733
2020-11-19 11:13:25 +00:00
Руслан Ижбулатов
e1bf1c2711 GWin32AppInfo: Recognize UWP applications 2020-11-18 15:21:03 +00:00
Руслан Ижбулатов
6931edc28f Plug a leak 2020-11-18 15:20:38 +00:00
Emmanuele Bassi
6e9ed964c3 Merge branch 'task-trace' into 'master'
Add some tracing to GTask

See merge request GNOME/glib!1629
2020-11-18 13:53:41 +00:00
Philip Withnall
f936bba0d1 tests: Improve validity of binary GDBusMessage parsing tests
These tests were originally written using the output directly from a
fuzzer which had triggered the bugs we’re testing for. However, that
means they’re liable to no longer test what they’re intended to test if
the `GDBusMessage` parsing code is changed to (for example) check for
certain errors earlier in future.

It’s better to only have one invalidity in each binary blob, so change
the test messages to all be valid apart from the specific thing they’re
testing for.

The changes were based on reading the D-Bus specification directly:
https://dbus.freedesktop.org/doc/dbus-specification.html

During these changes I found one problem in
`test_message_parse_deep_header_nesting()` where it wasn’t actually
nesting variants in the header deeply enough to trigger the bug it was
supposed to be testing for. Fixed that.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1963
2020-11-18 13:19:13 +00:00
Philip Withnall
c16e1db576 Merge branch 'appinfo-shellany-thread-pool' into 'master'
GWin32AppInfo: Use a thread pool for async appinfo tree rebuilds

See merge request GNOME/glib!1754
2020-11-18 09:38:24 +00:00
Руслан Ижбулатов
427d4fad24 GWin32AppInfo: Use a thread for async appinfo tree rebuilds 2020-11-17 18:11:56 +00:00
Philip Withnall
d270b6c3db py: Various flake8 cleanups
None of these are particularly significant, but they do get the CI
output clean.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-11-17 15:50:07 +00:00
Philip Withnall
905b22a17e py: Reformat all Python files consistently
This commit is the unmodified results of running
```
black $(git ls-files '*.py')
```
with black version 19.10b0. See #2046.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-11-17 15:50:07 +00:00
Frederic Martinsons
e817a049f0 Correct shellcheck errors (and ignore world splitting when we want it)
Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
2020-11-15 17:34:27 +01:00
Sebastian Dröge
728c591d76 Merge branch '1560-converter-zero-size' into 'master'
gresource: Fix handling of zero-sized compressed resource entries

Closes #1560

See merge request GNOME/glib!1752
2020-11-14 21:35:18 +00:00
Matthias Clasen
e53e8b28dd gio: Add some tracing to GTask
Set counters for the number of running tasks and
for the max. threadpool size. These are meant to
get a sense for whether G_TASK_POOL_SIZE and related
constants are still suitable for current gio and
GTask usage patterns.
2020-11-14 19:04:45 +00:00
Matthias Clasen
89d45c7f6a gio: Include sysprof tracing support
Include gtrace.c in the sources, so we can
use the same g_trace_ apis in GIO when sysprof
support is enabled.
2020-11-14 19:04:45 +00:00
Philip Withnall
353020928c gresource: Fix handling of zero-sized compressed resource entries
The zlib `GConverter` can’t handle an output buffer of size 0.

Add tests.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1560
2020-11-14 19:03:18 +00:00
Niels De Graef
6fa5c13c30 gio, glib: Use g_assert_cmpstrv where it makes sense 2020-11-14 18:17:32 +00:00
Sebastian Dröge
fbfb067375 Document that the get_default() functions for the various GIO modules will never return NULL 2020-11-14 17:32:41 +02:00
Sebastian Dröge
ec9fb90b2b Mark g_subprocess_get_std{in,out,err}_pipe() return value as nullable
Previously it was considered a programming error to call these on
subprocesses created without the correct flags, but for bindings this
distinction is difficult to handle automatically.

Returning NULL instead does not cause any inconsistent behaviour and
simplifies the API.
2020-11-14 17:32:41 +02:00
Sebastian Dröge
e2fbb74301 Assert that GFileIcon::file is always set after construction 2020-11-11 13:15:24 +02:00
Sebastian Dröge
705a59a315 gio: Add missing nullable annotations 2020-11-11 13:15:21 +02:00
Norbert Pocs
a879c46a39 gdbus: Add FD support for gdbus call
Gdbus call could not take file handle (parameter 'h') as a parameter.

Original patch from Tim Waugh <twaugh@redhat.com>.

Fixes: #961
2020-11-06 17:19:27 +00:00
Philip Withnall
e1e32e9b0b Merge branch 'wip/carlosg/shared-hidden-cache-timeout' into 'master'
glocalfileinfo: Use a single timeout source at a time for hidden file cache

See merge request GNOME/glib!1734
2020-11-03 15:09:44 +00:00
Carlos Garnacho
c1e0e6a055 glocalfileinfo: Use a single timeout source at a time for hidden file cache
As hidden file caches currently work, every look up on a directory caches
its .hidden file contents, and sets a 5s timeout to prune the directory
from the cache.

This creates a problem for usecases like Tracker Miners, which is in the
business of inspecting as many files as possible from as many directories
as possible in the shortest time possible. One timeout is created for each
directory, which possibly means gobbling thousands of entries in the hidden
file cache. This adds as many GSources to the glib worker thread, with the
involved CPU overhead in iterating those in its main context.

To fix this, use a unique timeout that will keep running until the cache
is empty. This will keep the overhead constant with many files/folders
being queried.
2020-11-03 14:16:36 +01:00
Philip Withnall
4f7c6e1ec8 gdbusauthmechanismsha1: Don’t create keyring dir when running as setuid
Continue to allow overriding the keyring dir, but don’t automatically
create it when running as root.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1432485
2020-11-02 12:23:50 +00:00
Simon McVittie
f53aaeac9f gio/tests/gsettings: Assert that temporary directory ends up empty
If there are stray files left over, g_rmdir() will fail with ENOTEMPTY.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-31 12:26:01 +00:00
Simon McVittie
782c1b424e gio/tests/gsettings: Assert that g_chmod succeeds
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-31 12:24:59 +00:00
Simon McVittie
3f9f7da0f1 gio/tests/gsettings: Use g_assert_no_errno()
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-31 12:24:22 +00:00
Simon McVittie
3468369625 gio/tests/appmonitor: Use g_assert_no_errno()
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-31 12:24:05 +00:00
Simon McVittie
b3b4ad4f94 gio/tests/live-g-file: Use g_assert_no_errno()
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-31 12:20:53 +00:00
Michael Catanzaro
c2b8fa8a34 gsocketclient: fix crash when async connection step fails
This is a regression from !1686. The tmp_error is no longer valid after
it is "considered" and cannot be used at this point. We should print the
error earlier instead.

Fixes #2233
2020-10-28 10:43:43 -05:00
Philip Withnall
35ffbf953d Merge branch 'wip/smcv/big-dbus-write-with-fds' into 'master'
gdbus: Cope with sending fds in a message that takes multiple writes

Closes #2074

See merge request GNOME/glib!1725
2020-10-28 13:12:19 +00:00
Simon McVittie
e5cee9ce5a gio/tests/gdbus-peer: Exercise fds attached to a large message
This incidentally also exercises the intended pattern for sending fds in
a D-Bus message: the fd list is meant to contain exactly those fds that
are referenced by a handle (type 'h') in the body of the message, with
numeric handle value n corresponding to g_unix_fd_list_peek_fds(...)[n].

Being able to send and receive file descriptors that are not referenced by
a handle (as in OpenFile here) is a quirk of the GDBus API, and while it's
entirely possible in the wire protocol, other D-Bus implementations like
libdbus and sd-bus typically don't provide APIs that make this possible.

Reproduces: https://gitlab.gnome.org/GNOME/glib/-/issues/2074
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-28 12:03:59 +00:00
Simon McVittie
fc1f4969bf gdbus: Document the intended semantics of handles and fds
In the D-Bus wire protocol, the handle type (G_VARIANT_TYPE_HANDLE, h)
is intended to be an index/pointer into the implementation's closest
equivalent of GUnixFDList: its numeric value has no semantic meaning
(in the same way that the numeric values of pointers have no semantic
meaning), but a handle with value n acts as a reference to the nth fd
in the fd list.

GDBus provides a fairly direct mapping from the wire protocol to the
C API, which makes it technically possible to attach and use fds
without ever referring to them in the message body, and some
GLib-centric D-Bus APIs rely on this.

However, the other major implementations of D-Bus (libdbus and sd-bus)
transparently replace file descriptors with handles when building
messages, and transparently replace handles with file descriptors when
parsing messages. This means they cannot implement D-Bus APIs that do
not follow the conventional meaning of handles as indexes/pointers into
an equivalent of GUnixFDList.

For interoperability, we should encourage D-Bus API designers to follow
the convention, even though code written against GDBus doesn't strictly
need to do so.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-28 11:52:22 +00:00
Simon McVittie
70279f8446 gdbus: Cope with sending fds in a message that takes multiple writes
Suppose we are sending a 5K message with fds (so data->blob points
to 5K of data, data->blob_size is 5K, and fd_list is non-null), but
the kernel is only accepting up to 4K with each sendmsg().

The first time we get into write_message_continue_writing(),
data->total_written will be 0. We will try to write the entire message,
plus the attached file descriptors; or if the stream doesn't support
fd-passing (not a socket), we need to fail with
"Tried sending a file descriptor on unsupported stream".

Because the kernel didn't accept the entire message, we come back in.
This time, we won't enter the Unix-specific block that involves sending
fds, because now data->total_written is 4K, and it would be wrong to try
to attach the same fds again. However, we also need to avoid failing
with "Tried sending a file descriptor on unsupported stream" in this
case. We just want to write out the data of the rest of the message,
starting from (blob + total_written) (in this exaple, the last 1K).

Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2074
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-28 11:06:52 +00:00
Philip Withnall
2d008e4645 Merge branch 'mcatanzaro/#2221' into 'master'
Fix race in socketclient-slow test

Closes #2221

See merge request GNOME/glib!1711
2020-10-26 15:40:49 +00:00
Sebastian Dröge
4926948aa9 Merge branch 'app-info-docs' into 'master'
gio: Fix some remaining DocBook syntax in a documentation comment

See merge request GNOME/glib!1701
2020-10-26 15:20:03 +00:00
Philip Withnall
159a9c215a gio: Fix various typos of the name ‘D-Bus’
This introduces no functional changes.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-10-26 14:28:15 +00:00
Michael Catanzaro
1d28fd530c Fix race in socketclient-slow test
This test ensures that g_socket_client_connect_to_host_async() fails if
it is cancelled, but it's not cancelled until after 1 millisecond. Our
CI testers are hitting that race window, and Milan is able to reproduce
the crash locally as well. Switching it from 1ms to 0ms is enough for
Milan to avoid the crash, but not enough for our CI, so let's move the
cancellation to a GSocketClientEvent callback where the timing is
completely deterministic.

Hopefully fixes #2221
2020-10-26 14:18:06 +00:00
Philip Withnall
4590b4932a gio: Fix some remaining DocBook syntax in a documentation comment
Convert it to Markdown.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-10-15 16:21:01 +01:00
Philip Withnall
e2e8339e0a Merge branch 'typeof' into 'master'
Use C++11 decltype where possible

See merge request GNOME/glib!1575
2020-10-15 08:52:47 +00:00
Xavier Claessens
5b2bee3f53 Replace __typeof__ with glib_typeof macro
g_has_typeof macro is wrongly in the public g_ namespace, internaly
symbols are usually in the glib_ namespace. This will also allow to
define glib_typeof differently on non-GNUC compilers (e.g. c++11
decltype).
2020-10-14 14:48:36 -04:00
Philip Withnall
2996d0d689 gfile: Clarify refcount handling for g_file_replace_contents_bytes_async()
This introduces no functional changes, but makes the refcount handling a
little easier to follow by no longer splitting a ref/unref pair across
three callbacks. Now, the ref/unref pairs are all within function-local
scopes.

Coverity CID: #1430783

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-10-14 11:50:42 +01:00
Philip Withnall
06587fbfd7 Merge branch 'mcatanzaro/#2211' into 'master'
Various improvements in GSocketClient

Closes #2211 and #1994

See merge request GNOME/glib!1686
2020-10-14 10:20:07 +00:00
Sergio Costas
c12762a091 GSubprocessLauncher: allow to close passed FDs
By default, when using g_subprocess_launcher_take_fd() to pass an
FD to a child, the GSubprocessLauncher object also takes ownership
of the FD in the parent, and closes it during finalize(). This is
a reasonable assumption in the majority of the cases, but sometimes
it isn't a good idea.

An example is when creating a GSubprocessLauncher in JavaScript:
here, the destruction process is managed by the Garbage Collector,
which means that those sockets will remain opened for some time
after all the references to the object has been droped. This means
that it could be not possible to detect when the child has closed
that same FD, because in order to make that work, both FDs
instances (the one in the parent and the one in the children) must
be closed. This can be a problem in, as an example, a process that
launches a child that communicates with Wayland using an specific
socket (like when using the new API MetaWaylandClient).

Of course, it isn't a valid solution to manually call close() in
the parent process just after the call to spawn(), because the FD
number could be reused in the time between it is manually closed,
and when the object is destroyed and closes again that FD. If that
happens, it will close an incorrect FD.

One solution could be to call run_dispose() from Javascript on the
GSubprocessLauncher object, to force freeing the resources.
Unfortunately, the current code frees them in the finalize()
method, not in dispose() (this is fixed in !1670 (merged) ) but it
isn't a very elegant solution.

This proposal adds a new method, g_subprocess_launcher_close(),
that allows to close the FDs passed to the child. To avoid problems,
after closing an FD with this method, no more spawns are allowed.

Fix: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1677
2020-10-12 20:29:48 +02:00
Michael Catanzaro
b88b3712e0 gsocketclient: return best errors possible
Originally, GSocketClient returned whatever error occured last. Turns
out this doesn't work well in practice. Consider the following case:
DNS returns an IPv4 and IPv6 address. First we'll connect() to the
IPv4 address, and say that succeeds, but TLS is enabled and the TLS
handshake fails. Then we try the IPv6 address and receive ENETUNREACH
because IPv6 isn't supported. We wind up returning NETWORK_UNREACHABLE
even though the address can be pinged and a TLS error would be more
appropriate. So instead, we now try to return the error corresponding
to the latest attempted GSocketClientEvent in the connection process.
TLS errors take precedence over proxy errors, which take precedence
over connect() errors, which take precedence over DNS errors.

In writing this commit, I made several mistakes that were caught by
proxy-test.c, which tests using GSocketClient to make a proxy
connection. So although adding a new test to ensure we get the
best-possible error would be awkward, at least we have some test
coverage for the code that helped avoid introducing bugs.

Fixes #2211
2020-10-09 10:50:22 -05:00
Michael Catanzaro
14f7b5e590 gsocketclient: Crash on error if error is missing
We should never return unknown errors to the application. This would be
a glib bug.

I don't think it's currently possible to hit these cases, so asserts
should be OK. For this to happen, either (a) a GSocketAddressEnumerator
would have to return NULL on its first enumeration, without returning an
error, or (b) there would have to be a bug in our GSocketClient logic.
Either way, if such a bug were to exist, it would be better to surface
it rather than hide it.

These changes are actually going to be effectively undone in a
subsequent commit, as I'm refactoring the error handling, but the commit
history is a bit nicer with two separate commits, so let's go with two.
2020-10-09 10:50:22 -05:00
Michael Catanzaro
f0a7b14780 gsocketclient: emit RESOLVING/RESOLVED events only once
GSocketAddressEnumerator encapsulates the details of how DNS happens, so
we don't have to think about it. But we may have taken encapsulation a
bit too far, here. Usually, we resolve a domain name to a list of IPv4
and IPv6 addresses. Then we go through each address in the list and try
to connect to it. Name resolution happens exactly once, at the start.
It doesn't happen each time we enumerate the enumerator. In theory, it
*could*, because we've designed these APIs to be agnostic of underlying
implementation details like DNS and network protocols. But in practice,
we know that's not really what's happening. It's weird to say that we
are RESOLVING what we know to be the same name multiple times. Behind
the scenes, we're not doing that.

This also fixes #1994, where enumeration can end with a RESOLVING event,
even though this is supposed to be the first event rather than the last.
I thought this would be hard to fix, even requiring new public API in
GSocketAddressEnumerator to peek ahead to see if the next enumeration is
going to return NULL. Then I decided we should just fake it: always emit
both RESOLVING and RESOLVED at the same time right after each
enumeration. Finally, I realized we can emit them at the correct time if
we simply assume resolving only happens the first time. This seems like
the most elegant of the possible solutions.

Now, this is a behavior change, and arguably an API break, but it should
align better with reasonable expectations of how GSocketClientEvent
ought to work. I don't expect it to break anything besides tests that
check which order GSocketClientEvent events are emitted in. (Currently,
libsoup has such tests, which will need to be updated.) Ideally we would
have GLib-level tests as well, but in a concession to pragmatism, it's a
lot easier to keep network tests in libsoup.
2020-10-09 10:50:22 -05:00
Michael Catanzaro
290d5722be gsocketclient: document Happy Eyeballs
This isn't an API guarantee, but it's a potentially-surprising
behavior difference between the sync and async functions that is good
to know about, especially because our sync and async functions are
normally identical.
2020-10-09 10:50:22 -05:00
Michael Catanzaro
d971ac7b21 gsocketclient: fix whitespace error 2020-10-09 10:50:22 -05:00
Michael Catanzaro
d24970b207 gsocketclient: fix docs typo 2020-10-09 10:50:22 -05:00
Cristian Rodríguez
35bb69bc47 gsocketclient: set IP_BIND_ADDRESS_NO_PORT if binding to local address
The linux kernel does not know that the socket will be used
for connect or listen and if you bind() to a local address it must
reserve a random port (if port == 0) at bind() time, making very easy
to exhaust the ~32k port range, setting IP_BIND_ADDRESS_NO_PORT tells
the kernel to choose random port at connect() time instead, when the
full 4-tuple is known.
2020-10-09 09:44:05 +01:00
Sebastian Dröge
5d97eb9094 Merge branch '2203-fstatat-macos' into 'master'
glocalfileinfo: Fix use of fstatat() on macOS < 10.10

Closes #2203

See merge request GNOME/glib!1684
2020-10-07 13:47:13 +00:00
Philip Withnall
1538a89b11 Merge branch 'close_subprocess_parent_fds_on_dispose' into 'master'
GSubprocessLauncher: Move cleanup to dispose()

See merge request GNOME/glib!1670
2020-10-06 11:41:35 +00:00
Philip Withnall
74756a87fa glocalfileinfo: Fix use of fstatat() on macOS < 10.10
`g_local_file_fstatat()` needs to fall back to returning an error if
`fstatat()` isn’t defined, which is the case on older versions of macOS
(as well as Windows, which was already handled). Callers shouldn’t call
`g_local_file_fstatat()` in these cases. (That’s already the case.)

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2203
2020-10-06 10:26:38 +01:00
Maxim Mikityanskiy
094eca7076 gio: Expose g_file_build_attribute_list_for_copy
Expose a function that prepares an attribute query string to be passed
to g_file_query_info() to get a list of attributes normally copied with
the file. This function is used by the implementation of
g_file_copy_attributes, and it's useful if one needs to split
g_file_copy_attributes into two stages, for example, when nautilus does
a recursive move of a directory. When files are moved from the source
directory, its modification time changes. To preserve the mtime on the
destination directory, it has to be queried before moving files and set
after doing it, hence these two stages.

Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
2020-10-06 10:16:49 +01:00
Sergio Costas
605cff61da GSubprocessLauncher: Move cleanup to dispose()
The GSubprocessLauncher class lacks a dispose() method, and frees
all their resources in the finalize() method.

This is a problem with Javascript because the sockets passed to a
child process using g_subprocess_launcher_take_fd() aren't closed
in the parent space until the object is fully freed. This means
that if the child closes a socket, it won't be detected until the
GSubprocessLauncher object has been freed by the garbage
collector.

Just closing the socket externally is not a valid solution,
because the finalize() method will close it again, and since
another file/pipe/socket could have been opened in the meantime
and use the same FD number, the finalize() method would close
an incorrect FD.

An example is launching a child process that uses its own
socket for Wayland: the parent creates two sockets with
socketpair(), passes one to the Wayland API (wl_client_create()),
and the other is passed to the child process using
g_subprocess_launcher_take_fd(). But now there are two instances
of that second socket: one in the parent, and another one in the
child process. That means that, if the child closes its socket (or
dies), the Wayland server will not detect that until the
GSubprocessLauncher object is fully destroyed. That means that a
GSubprocessLauncher created in Javascript will last for several
seconds after the child dies, and every window or graphical element
will remain in the screen until the Garbage Collector destroys the
GSubprocessLauncher object.

This patch fixes this by moving the resource free code into a
dispose() method, which can be called from Javascript. This allows
to ensure that any socket passed to the child with
g_subprocess_launcher_take_fd() can be closed even from Javascript
just by calling the method run_dispose().

Fix https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1670
2020-10-02 22:55:07 +02:00
Philip Withnall
37d04c2f6b Merge branch 'appinfo-shellany' into 'master'
GWin32AppInfo: Support verbs other than "open"

See merge request GNOME/glib!1502
2020-10-01 16:37:36 +00:00
Руслан Ижбулатов
106e78af97 GWin32AppInfo: Support verbs other than "open"
This combines a massive code re-folding with functionlity expansion
that allows us to track multiple verbs per handler or per application.

Also fixes a few issues and removes a function that made no sense.
2020-10-01 17:18:03 +01:00
Руслан Ижбулатов
b01521b4cd gwin32registrykey: Fix returning subkey_name in subkey_iter_get_name() 2020-10-01 17:18:03 +01:00
Patrick Griffis
f9fc29f0b7 gtlscertificate: Add support for PKCS #11 backed certificates
This reverts commit d58e5de9e9.
2020-10-01 17:09:04 +01:00
Simon McVittie
38a2aed5f0 GDBus: Use G_DBUS_METHOD_INVOCATION_HANDLED in method implementations
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-01 16:32:50 +01:00
Simon McVittie
d65c8c30a9 GDBus: Add G_DBUS_METHOD_INVOCATION_HANDLED, _UNHANDLED
Like G_SOURCE_REMOVE and G_SOURCE_CONTINUE, these make it clearer what
it means to return TRUE or FALSE.

In particular, in GDBus methods that fail, the failure case still needs
to return TRUE (unlike the typical GError pattern), leading to comments
like this:

    g_dbus_method_invocation_return_error (invocation, ...);
    return TRUE;    /* handled */

which can now be replaced by:

    g_dbus_method_invocation_return_error (invocation, ...);
    return G_DUS_METHOD_INVOCATION_HANDLED;

G_DBUS_METHOD_INVOCATION_UNHANDLED is added for symmetry, but is very
rarely (perhaps never?) useful in practice.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-01 16:32:50 +01:00
Simon McVittie
500d065f3d GDBus tests: Use G_SOURCE_REMOVE, G_SOURCE_CONTINUE
The meaning of the boolean result of a GSource function is clearer if
we use these aliases.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-10-01 16:32:50 +01:00
Philip Withnall
854abcd1af Merge branch 'optdeps' into 'master'
Make libelf dependency optional via meson feature

See merge request GNOME/glib!1650
2020-10-01 13:47:36 +00:00
Niklas Gürtler
aa0e120174 Make libelf dependency optional via meson feature 2020-10-01 13:47:36 +00:00
Philip Withnall
b43fb9cbfb guri: Fix URI scope parsing
The previous parsing code could read off the end of a URI if it had an
incorrect %-escaped character in.

Fix that, and more closely implement parsing for the syntax defined in
RFC 6874, which is the amendment to RFC 3986 which specifies zone ID
syntax.

This requires reworking some network-address tests, which were
previously treating zone IDs incorrectly.

oss-fuzz#23816

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-09-30 19:39:30 +01:00
Peter Bloomfield
a3b5e188aa gthreadedresolver: Fix logic in parse_res_text()
and avoid a sign-compare warning.

Fixes #2209
2020-09-26 11:11:44 -04:00
Philip Withnall
f2df054673 Merge branch 'wip/oholy/trash-recursion' into 'master'
gio-tool-trash: Prevent recursion to speed up emptying trash

See merge request GNOME/glib!1654
2020-09-24 05:59:43 +00:00
Ondrej Holy
f474ec1f72 gio-tool-trash: Prevent recursion to speed up emptying trash
Emptying trash over `gio trash` is a bit slow in comparison to plain
`rm -r`. On my system, it took about 3 min to empty the trash with a
folder containing 600 000 files, which is not ideal as `rm -r` call
took just a few seconds. I found that `g_file_delete` is implemented
differently for locations provided by the trash backend. The trash
backend prevents modifications of trashed content thus the delete
operation is allowed only for the top-level files and folders. So it
is not necessary to recursive delete all files as the permission
denied error is returned anyway. Let's call `g_file_delete` only for
top-level items, which reduces the time necessary for emptying trash
from minutes to seconds...

See: https://gitlab.gnome.org/GNOME/nautilus/-/issues/1589
2020-09-23 15:35:47 +02:00
Philip Withnall
af0b0e98da Merge branch 'trash-portal-error' into 'master'
trash portal: Handle portal failures

See merge request GNOME/glib!1652
2020-09-23 09:36:32 +00:00
Ryan Gonzalez
88032cb541 trash portal: Handle portal failures
Previously, only whether or not the D-Bus call itself succeeded was
checked, regardless of the result code from the actual trash operation.
2020-09-15 18:06:56 -05:00
Simon McVittie
642baa50fa glocalfile: Never require G_LOCAL_FILE_STAT_FIELD_ATIME
Some filesystems don't have meaningful access times under at least some
circumstances (see #2189, #2205). In this situation the traditional stat()
and related kernel interfaces have to put something meaningless in the
st_atime field, and have no way to signal that it is meaningless.

However, statx() does have a way to signal that the atime is meaningless:
if the filesystem doesn't provide a useful access time, it will unset
the STATX_ATIME bit (as well as filling in the same meaningless value
for the stx_atime field that stat() would have used, for compatibility).
We don't actually *need* the atime, so never include it in the required
mask. This was already done for one code path in commit 6fc143bb
"gio: Allow no atime from statx" to fix #2189, but other callers were
left unchanged in that commit, and receive the same change here.

It is not actually guaranteed that *any* of the flags in the
returned stx_mask will be set (the only guarantee is that items in
STATX_BASIC_STATS have at least a harmless compatibility value, even if
their corresponding flag is cleared), so it might be better to follow
this up by removing the concept of the required mask entirely. However,
as of Linux 5.8 it looks as though STATX_ATIME is the only flag in
STATX_BASIC_STATS that might be cleared in practice, so this simpler
change fixes the immediate regression.

Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2205
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-09-15 10:09:46 +01:00
Philip Withnall
c3eda78ada Merge branch '2194-winhttp-file-display-name' into 'master'
gwinhttpfile: Set display-name attribute on file info

Closes #2194

See merge request GNOME/glib!1644
2020-09-11 09:49:04 +00:00
Philip Withnall
6f9b379c08 gwinhttpfile: Set display-name attribute on file info
It is not allowed to be `NULL` or unset if requested by the file
attribute matcher. Derive it from the basename. This doesn’t handle the
situation of a failed UTF-16 to UTF-8 conversion very well, but will at
least return something.

Note that the `g_filename_display_basename()` function can’t be used as
`GWinHttpFile` provides its URI in UTF-16 rather than in the file system
encoding.

This fixes a crash when using GIMP on Windows. Thanks to lillolollo for
in-depth debugging assistance.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fixes: #2194
2020-09-10 14:14:32 +01:00
Simon McVittie
92183fb703 gdbusauthmechanismsha1: Use the same timeouts as libdbus
For interoperability with libdbus, we want to use compatible timeouts.
In particular, this fixes a spurious failure of the `gdbus-server-auth`
test caused by libdbus and gdbus choosing to expire the key (cookie) at
different times, as diagnosed by Thiago Macieira. Previously, the libdbus
client would decline to use keys older than 7 minutes, but the GDBus
server would not generate a new key until the old key was 10 minutes old.

For completeness, also adjust the other arbitrary timeouts in the
DBUS_COOKIE_SHA1 mechanism to be the same as in libdbus. To make it
easier to align with libdbus, create internal macros with the same names
and values used in dbus-keyring.c.

* maximum time a key can be in the future due to clock skew between
  systems sharing a home directory
  - spec says "a reasonable time in the future"
  - was 1 day
  - now 5 minutes
  - MAX_TIME_TRAVEL_SECONDS

* time to generate a new key if the newest is older
  - spec says "If no recent keys remain, the server may generate a new
    key", but that isn't practical, because in reality we need a grace
    period during which an old key will not be used for new authentication
    attempts but old authentication attempts can continue (in practice both
    libdbus and GDBus implemented this logic)
  - was 10 minutes
  - now 5 minutes
  - NEW_KEY_TIMEOUT_SECONDS

* time to discard old keys
  - spec says "the timeout can be fairly short"
  - was 15 minutes
  - now 7 minutes
  - EXPIRE_KEYS_TIMEOUT_SECONDS

* time allowed for a client using an old key to authenticate, before
  that key gets deleted
  - was at least 5 minutes
  - now at least 2 minutes
  - at least (EXPIRE_KEYS_TIMEOUT_SECONDS - NEW_KEY_TIMEOUT_SECONDS)

Based on a merge request by Philip Withnall.

Fixes: #2164
Thanks: Philip Withnall
Thanks: Thiago Macieira
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-09-07 11:29:06 +01:00
Philip Withnall
30a31b21fb gcancellable: Mark a variable as unused if built with G_DISABLE_ASSERT
It’s only used in an assertion. This fixes a compiler warning.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-09-01 12:23:19 +01:00
Carlos Garnacho
cf85241aba tests: Add splice cancellation test
This doesn't trigger the cancellation assertion issue when run locally
(the task didn't return yet, so the error is simply overwritten), but
perhaps it ever does in CI. Anyhow, it's good to have a cancellation
test.
2020-08-28 11:38:51 +02:00
Carlos Garnacho
c033450f93 goutputstream: Check individual close operations after splice
After a splice operation is finished, it attempts to 1) close input/output
streams, as per the given flags, and 2) return the operation result (maybe
an error, too).

However, if the operation gets cancelled early and the streams indirectly
closed, the splice operation will try to close both descriptors and return
on the task when both are already closed. The catch here is that getting the
streams closed under its feet is possible, so the completion callback would
find both streams closed after returning on the first close operation and
return the error, but then the second operation could be able to trigger
a second error which would be returned as well.

What happens here is up to further race conditions, if the task didn't
return yet, the returned error will be simply replaced (but the old one not
freed...), if it did already return, it'll result in:

GLib-GIO-FATAL-CRITICAL: g_task_return_error: assertion '!task->ever_returned' failed

Fix this by flagging the close_async() callbacks, and checking that both
close operations did return, instead of checking that both streams are
closed by who knows.

This error triggers a semi-frequent CI failure in tracker, see the summary at
https://gitlab.gnome.org/GNOME/tracker/-/issues/240
2020-08-28 11:22:14 +02:00
Philip Withnall
9674d14175 Merge branch 'g_settings_new' into 'master'
gio: Document g_settings_new() missing schema behaviour

See merge request GNOME/glib!1626
2020-08-24 09:02:43 +00:00
Chris Mayo
dc1a1b841c gio: Document g_settings_new() missing schema behaviour
Explain what happens, the rationale and reference another
function that may be helpful.
2020-08-24 09:02:43 +00:00
Valentin David
6fc143bba8
gio: Allow no atime from statx
statx does not provide stx_atime when querying a file in a read-only
mounted file system. So call to statx should not expect it to be in
the mask. Otherwise we would fail with ERANGE for querying any file in
a read-only file system.

Fixes #2189.
2020-08-23 16:41:17 +02:00
Sebastian Dröge
24af98e0ee Merge branch 'cancellable-pollfd' into 'master'
gcancellable: Assert that make_pollfd() call succeeds

See merge request GNOME/glib!1623
2020-08-18 10:35:16 +00:00
Sebastian Dröge
009791b614 Merge branch 'dbus-uint-checks' into 'master'
gdbusmessage: Drop redundant uint ≥ 0 checks

See merge request GNOME/glib!1625
2020-08-18 10:25:18 +00:00
Sebastian Dröge
5271b67e37 Merge branch 'dbus-address-null-check' into 'master'
gdbusaddress: Drop an unnecessary NULL check

See merge request GNOME/glib!1624
2020-08-18 10:13:04 +00:00
Philip Withnall
a110ca920a gcancellable: Assert that make_pollfd() call succeeds
The `make_pollfd()` call can’t fail because it only does so if
`cancellable == NULL`, and we’ve already checked that. Assert that’s the
case, to shut Coverity up and to catch behavioural changes in future.

Coverity CID: #1159433
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-08-18 11:08:51 +01:00
Nirbheek Chauhan
0b0b9bfda0 Merge branch 'windows-netreset' into 'master'
gioerror: Map WSAENETRESET on Windows to G_IO_ERROR_CONNECTION_CLOSED

See merge request GNOME/glib!1616
2020-08-18 09:46:36 +00:00
Philip Withnall
7afd4071d6 gdbusmessage: Drop redundant uint ≥ 0 checks
They are always true.

Coverity CID: #1430645, #1430674, #1430884, #1430974
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-08-18 10:39:46 +01:00