Commit Graph

6724 Commits

Author SHA1 Message Date
Philip Withnall
e2b5094cdb gresource: Ignore G_RESOURCE_OVERLAYS when running as setuid
It could have been used to load private data which would not normally be
accessible to an unprivileged caller.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2168
2021-01-07 15:02:25 +00:00
Philip Withnall
45d01e5aa9 gdesktopappinfo: Validate XDG_CURRENT_DESKTOP before using it
Its components are used to build filenames, so if the value of
`XDG_CURRENT_DESKTOP` comes from an untrusted caller (as can happen in
setuid programs), using it unvalidated may be unsafe.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2168
2021-01-07 15:02:25 +00:00
Philip Withnall
dba585d020 gdbusaddress: Ignore D-Bus addresses from the environment when setuid
As with the previous commit, it’s unsafe to trust the environment when
running as setuid, as it comes from an untrusted caller. In particular,
with D-Bus, the caller could set up a fake ‘system’ bus which fed
incorrect data to this process.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2168
2021-01-07 15:02:25 +00:00
Philip Withnall
ba414ee100 giomodule: Ignore GIO_MODULE_DIR when running as setuid
Even if the modules in the given directory never get chosen to be used,
loading arbitrary code from a user-provided directory is not safe when
running as setuid, as the process’ environment comes from an untrusted
source.

Also ignore `GIO_EXTRA_MODULES`.

Spotted by Simon McVittie.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2168
2021-01-07 15:02:24 +00:00
Sebastian Dröge
65271eb93d Merge branch 'fix/default-windows-socket-udp-behavior' into 'master'
gsocket: Improve default UDP behavior on Windows

See merge request GNOME/glib!1844
2021-01-07 14:09:19 +00:00
Frederic Martinsons
16dfd2033f Annotate function parameters with G_GNUC_UNUSED when necessary
(Tweaked by Philip Withnall to reformat code with `black`)

Closes #1105

Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
2021-01-06 18:35:17 +00:00
Sebastian Dröge
587b46fec3 Merge branch 'sophie-h-master-patch-90719' into 'master'
Add nullable annotation for g_file_get_uri_scheme

See merge request GNOME/glib!1840
2021-01-06 08:55:47 +00:00
Sophie Herold
b3740ac5b0 Add nullable annotation for g_file_get_uri_scheme 2021-01-06 08:55:47 +00:00
Sebastian Dröge
b777b4caaa Merge branch 'fix/socket-use-after-close' into 'master'
gsocket: Fix use-after-close

See merge request GNOME/glib!1845
2021-01-06 08:42:01 +00:00
Sebastian Dröge
609d1e292f Merge branch 'fix/android-system-checks' into 'master'
build: Fix Android system checks

See merge request GNOME/glib!1856
2021-01-06 08:34:52 +00:00
Ole André Vadla Ravnås
ea0c4bf045 build: Fix inconsistent Android host system checks
To match the value in the Meson reference table for "Operating system
names", and our checks elsewhere.
2021-01-06 01:12:31 +01:00
Ole André Vadla Ravnås
0ab51f8d4e gwin32: Always use unicode APIs
Instead of the legacy ANSI ones. This also means GLib behaves correctly
when built with unicode preprocessor defines.
2021-01-05 21:42:59 +01:00
Ole André Vadla Ravnås
17c53b5f16 gsocket: Don't call WSAEnumNetworkEvents if socket is closed
Makes Application Verifier happy.
2021-01-05 21:20:38 +01:00
Ole André Vadla Ravnås
d01588f37e gsocket: Don't bother updating select mask if socket is closed 2021-01-05 21:20:34 +01:00
Pascal Buhler
9cd134d9fb gsocket: Improve default UDP behavior on Windows
An ICMP port unreachable will result in a socket error, which is a
really bad default for UDP sockets.
2021-01-05 21:08:15 +01:00
Philip Withnall
01b77666bc Merge branch '2275-gio-script-local' into 'master'
completion: Declare variables as local in gio completion script

Closes #2275

See merge request GNOME/glib!1839
2021-01-05 16:27:44 +00:00
Philip Withnall
2ca4d865b2 completion: Declare variables as local in gio completion script
Most variables were, but a few were not declared as local, and hence
leaked into the calling environment every time someone tab-completed the
`gio` command.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2275
2021-01-05 16:14:16 +00:00
Sebastian Dröge
d752d3be3b Merge branch 'update-gvdb' into 'master'
Update gvdb

See merge request GNOME/glib!1834
2021-01-05 10:37:57 +00:00
Sebastian Dröge
87e8eb67c3 Merge branch '1283-trash-wording' into 'master'
glocalfile: Improve wording for error messages about trash directories

Closes #1283

See merge request GNOME/glib!1825
2021-01-04 15:07:31 +00:00
Philip Withnall
7f2af262bf glocalfile: Improve wording for error messages about trash directories
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1283
2021-01-04 14:43:54 +00:00
Philip Withnall
9716a26ab6 Merge branch '1281-to-pixdata-docs' into 'master'
gresource: Document the `to-pixdata` option as being deprecated

Closes #1281

See merge request GNOME/glib!1826
2021-01-04 12:58:42 +00:00
Philip Withnall
0c85348efc Merge branch 'appinfo-shellany-uwplaunch' into 'master'
GWin32AppInfo: support getting info about UWP apps and launching them

Closes #1991

See merge request GNOME/glib!1772
2021-01-04 12:55:58 +00:00
Ole André Vadla Ravnås
9ac3a27f03 gsocket: Fix credentials error-handling on Apple OSes
- When querying a TCP socket, getsockopt() may succeed but the resulting
  `optlen` will be zero. This means we'd previously be reading
  uninitialized stack memory in such cases.
- After a file-descriptor has gone through FD-passing, getsockopt() may
  fail with EINVAL. At least this is the case with TCP sockets.
- While at it also use SOL_LOCAL instead of hard-coding its value.
2021-01-04 12:29:47 +00:00
Philip Withnall
0d3473d3bb Merge remote-tracking branch 'gvdb/master' into update-gvdb
This is the result of `git merge gvdb/master`.
2021-01-04 11:38:54 +00:00
Timm Bäder
fe441c8ca5 giomodule: Don't allocate GHashTable for no entries
This seems to happen in 3 out of 4 cases when calling gtk_init(), so
avoid allocating the GHashTable in that case.
2020-12-31 14:58:40 +01:00
Timm Bäder
105e44beb5 gresource: Avoid work for NULL errors
Don't go through gettext if the GError** passed is NULL anyway.
2020-12-31 14:58:40 +01:00
Marco Mastropaolo
43b13d7a1a Windows: fix FD_READ condition flag still set on recoverable UDP socket errors.
Contrary to what the WSARecvFrom seem to imply, a UDP socket is perfectly recoverable and usable after a WSAECONNRESET error (and, I assume, WSAENETRESET).
However GSocket condition has the FD_READ bit set after a UDP socket fails with WSAECONNRESET, even if no data is available on the socket anymore; this causes select calls to report the socket as readable when, in fact, it's not.

The change resets FD_READ flag on a socket upon the above error conditions; there's no 'if' to filter between datagram and stream sockets as the change should be harmless in the case of stream sockets which are, however, very unlikely to be usable after a WSAECONNRESET.
2020-12-24 09:08:40 +00:00
Руслан Ижбулатов
c816d074c3 GWin32AppInfo: fix a leak 2020-12-23 01:47:01 +00:00
Руслан Ижбулатов
d33c3747dc GWin32AppInfo: invert verb comparison function
The list is sorted in ascending order, which means that to put
verbs alphabetically we need to sort ealier verbs with -1. Same for
the "open" verb and the preferred verb (if any).
2020-12-23 01:46:33 +00:00
Руслан Ижбулатов
48d96b21f9 GWin32AppInfo: enforce chosen handler on UWP apps, use URI verbs
* UWP apps that have low registry footprint might end up with chosen_handler == NULL.
Ensure that this doesn't happen.
* UWP apps don't need verbs for URIs, but we do need verbs to have a link to an app
(since handlers don't contain app fields). Work around this by adding an "open" verb
to each UWP URI handler.
* Duplicate the code that inserts extension handler verbs into the app to also insert
URI handler verbs. This allows URI-only apps to be used correctly later on (otherwise
GLib errors out, saying that the app has no verbs).
2020-12-23 01:46:11 +00:00
Руслан Ижбулатов
a2f823113c GWin32AppInfo: read UWP handler metadata (indirect strings)
Have to use of SHLoadIndirectString() from shell32.dll for this, no
way around that.
2020-12-23 01:46:10 +00:00
Руслан Ижбулатов
a2c287bf9f GWin32AppInfo: be less picky about names
Use pretty name as the result of _name(), if available. This is
more in line with what .desktop files return. Canonical name
may be completely unintelligible.
2020-12-23 01:45:20 +00:00
Руслан Ижбулатов
e7a738711b GWin32AppInfo: be more permissive about verbs in capable apps
MSDN doesn't say much on this subject, but i've seen apps in the wild
that have the "shell" subkey with verbs *either* in the root app key *or*
in the "Capabilities" subkey of the root key. Accommodate either case by trying both
(root key gets a priority, since this is how MS Address Book is registered -
assume that MS knows how to do this the right way).
2020-12-23 01:44:47 +00:00
Руслан Ижбулатов
10def41dc5 GWin32AppInfo: simplify appinfo wait condition 2020-12-23 01:44:34 +00:00
Руслан Ижбулатов
4c3a61e221 GWin32AppInfo: use g_new() instead of g_malloc() 2020-12-23 01:43:39 +00:00
Руслан Ижбулатов
f28b75e9ff GWin32AppInfo: Support launching UWP applications 2020-12-23 01:43:38 +00:00
Руслан Ижбулатов
0ea2f34723 GWin32AppInfo: more checks for UWP apps
UWP apps have no exectuables or commandlines. Check for that.
2020-12-23 01:43:38 +00:00
Руслан Ижбулатов
720b51032c GWin32AppInfo: Support getting information about UWP apps 2020-12-23 01:43:38 +00:00
Руслан Ижбулатов
e9b09911f6 gio: Add g_win32_package_parser_enum_packages()
This function enumerates all user-accessible UWP packages
and calls the user-provided callback for each package.

This can be used to make GLib aware of the UWP applications
installed in the system.

The function works by using IPackageManager/IPackage UWP interfaces
and XmlLite COM library to parse package manifests.

The function requires COM, and initializes it to a single-thread
appartment model. To ensure this doesn't break anything, either
only use it in a separate thread (COM is initialized on a per-thread
basis), or make sure that the main thread also uses the same COM
model (it's OK to initialize COM multiple times, as long as the same
model is used and as long as init/uninit calls are paired correctly).
2020-12-23 01:43:38 +00:00
Руслан Ижбулатов
2773c06bd4 gio: Add private headers with missing UWP/COM types
MinGW-w64 lacks the appropriate headers, so we have to add them
here. Note that these only have the C versions (normally these
things come in both C and C++ flavours), since that's what we use.

Also note that some of the functions that we don't use (but must
describe to maintain binary compatibility) were altered to use
IUnknown (basically, an untyped pointer) instead of the appropriate
object types, as adding these types would require other types,
which would pull even more types, forcing us to drag half of the
UWP headers in here. By replacing unused types with IUnknown we
can trim a lot of branches from the dependency graph.
2020-12-23 01:35:51 +00:00
Руслан Ижбулатов
895fc2eff2 gio: add GWin32FileSyncStream
This is a COM object that implements IStream by using a HANDLE
and WinAPI file functions to access the file (only a file; pipes
are not supported). Only supports synchronous access (this is
a feature - the APIs that read from this stream internally will
never return the COM equivalent of EWOULDBLOCK, which greatly
simplifies their use).
2020-12-23 01:35:39 +00:00
Руслан Ижбулатов
fdfa9236a2 GWin32AppInfo: Store UWP AppUserModelId for a handler
Could be used later on to launch UWP apps.

UWP apps need verbs, but we don't have any code to get UWP app
info yet.
2020-12-23 01:33:28 +00:00
Philip Withnall
b63e9889a8 gresource: Document the to-pixdata option as being deprecated
Just embed a PNG instead. gdk-pixbuf deprecated its pixdata support in
version 2.32, in 2015.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1281
2020-12-22 18:42:05 +00:00
Philip Withnall
8cec87ff46 glocalfile: Clarify an error message slightly
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-22 18:22:37 +00:00
Emmanuel Fleury
e90a79139f Fix signedness warnings in gio/gcredentials.c:g_credentials_to_string()
gio/gcredentials.c: In function ‘g_credentials_to_string’:
gio/gcredentials.c:238:31: error: comparison of integer expressions of different signedness: ‘uid_t’ {aka ‘unsigned int’} and ‘int’
  238 |   if (credentials->native.uid != -1)
      |                               ^~
gio/gcredentials.c:240:31: error: comparison of integer expressions of different signedness: ‘gid_t’ {aka ‘unsigned int’} and ‘int’
  240 |   if (credentials->native.gid != -1)
      |                               ^~
2020-12-18 12:26:38 +01:00
Emmanuel Fleury
477d53b2b0 Fix signedness warning in gio/gbufferedoutputstream.c:g_buffered_output_stream_set_buffer_size()
gio/gbufferedoutputstream.c: In function ‘g_buffered_output_stream_set_buffer_size’:
glib/gmacros.h:806:26: error: comparison of integer expressions of different signedness: ‘gsize’ {aka ‘long unsigned int’} and ‘goffset’ {aka ‘long int’}
  806 | #define MAX(a, b)  (((a) > (b)) ? (a) : (b))
      |                          ^
gio/gbufferedoutputstream.c:211:14: note: in expansion of macro ‘MAX’
  211 |       size = MAX (size, priv->pos);
      |              ^~~

Fix signedness warning in gio/gbufferedinputstream.c:g_buffered_input_stream_real_fill()

gio/gbufferedinputstream.c: In function ‘g_buffered_input_stream_real_fill’:
glib/gmacros.h:809:26: error: comparison of integer expressions of different signedness: ‘gssize’ {aka ‘long int’} and ‘gsize’ {aka ‘long unsigned int’}K [-Werror=sign-compare]
  809 | #define MIN(a, b)  (((a) < (b)) ? (a) : (b))
      |                          ^
gio/gbufferedinputstream.c:664:11: note: in expansion of macro ‘MIN’
  664 |   count = MIN (count, priv->len - in_buffer);
      |           ^~~
gio/gbufferedinputstream.c:667:29: error: comparison of integer expressions of different signedness: ‘gsize’ {aka ‘long unsigned int’} and ‘gssize’ {aka ‘long int’}
  667 |   if (priv->len - priv->end < count)
      |                             ^

Fix signedness warnings in gio/gbufferedinputstream.c:g_buffered_input_stream_real_fill_async()

gio/gbufferedinputstream.c: In function ‘g_buffered_input_stream_real_fill_async’:
glib/gmacros.h:809:26: error: comparison of integer expressions of different signedness: ‘gssize’ {aka ‘long int’} and ‘gsize’ {aka ‘long unsigned int’}
  809 | #define MIN(a, b)  (((a) < (b)) ? (a) : (b))
      |                          ^
gio/gbufferedinputstream.c:1075:11: note: in expansion of macro ‘MIN’
 1075 |   count = MIN (count, priv->len - in_buffer);
      |           ^~~
gio/gbufferedinputstream.c:1078:29: error: comparison of integer expressions of different signedness: ‘gsize’ {aka ‘long unsigned int’} and ‘gssize’ {aka ‘long int’}
 1078 |   if (priv->len - priv->end < count)
      |                             ^
2020-12-18 12:26:26 +01:00
Emmanuel Fleury
50c85523a2 Fix signedness warning in gio/gfileattribute.c:escape_byte_string()
gio/gfileattribute.c: In function ‘escape_byte_string’:
gio/gfileattribute.c:286:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’}
  286 |   for (i = 0; i < len; i++)
      |                 ^
gio/gfileattribute.c:299:21: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’}
  299 |       for (i = 0; i < len; i++)
      |                     ^
2020-12-18 12:26:26 +01:00
Emmanuel Fleury
c150e46bf0 Fix signedness warning in gio/gicon.c:g_icon_to_string_tokenized()
gio/gicon.c: In function ‘g_icon_to_string_tokenized’:
gio/gicon.c:165:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  165 |   for (i = 0; i < tokens->len; i++)
      |                 ^
2020-12-18 12:26:26 +01:00
Emmanuel Fleury
dd995ca54b Fix signedness warning in gio/gfileinfo.c:g_file_info_remove_attribute()
gio/gfileinfo.c: In function ‘g_file_info_remove_attribute’:
gio/gfileinfo.c:706:9: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  706 |   if (i < info->attributes->len &&
      |         ^

Fix signedness warning in gio/gfileinfo.c:g_file_info_create_value()

gio/gfileinfo.c: In function ‘g_file_info_create_value’:
gio/gfileinfo.c:1084:9: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
 1084 |   if (i < info->attributes->len &&
      |         ^

Fix signedness warning in gio/gfileinfo.c:matcher_matches_id()

gio/gfileinfo.c: In function ‘matcher_matches_id’:
gio/gfileinfo.c:2624:21: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
 2624 |       for (i = 0; i < matcher->sub_matchers->len; i++)
      |                     ^

Fix signedness warnings in gio/gfileinfo.c:g_file_attribute_matcher_enumerate_namespace()

gio/gfileinfo.c: In function ‘g_file_attribute_matcher_enumerate_namespace’:
gio/gfileinfo.c:2713:21: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
 2713 |       for (i = 0; i < matcher->sub_matchers->len; i++)
      |                     ^
gio/gfileinfo.c:2715:27: error: comparison of integer expressions of different signedness: ‘guint32’ {aka ‘unsigned int’} and ‘int’
 2715 |    if (sub_matchers[i].id == ns_id)
      |                           ^~

Fix signedness warning in gio/gfileinfo.c:g_file_attribute_matcher_enumerate_next()

gio/gfileinfo.c: In function ‘g_file_attribute_matcher_enumerate_next’:
../glib.git/gio/gfileinfo.c:2752:13: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’} [-Werror=sign-compare]
 2752 |       if (i < matcher->sub_matchers->len)
      |             ^
2020-12-18 12:25:54 +01:00
Emmanuel Fleury
dd63c0bf32 Fix signedness warning in gio/gfileinfo.c:g_file_info_list_attributes()
gio/gfileinfo.c: In function ‘g_file_info_list_attributes’:
gio/gfileinfo.c:645:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  645 |   for (i = 0; i < info->attributes->len; i++)
      |                 ^
2020-12-17 14:46:17 +01:00