Commit Graph

3684 Commits

Author SHA1 Message Date
Philip Withnall
fcd2f7e639 tests: Add tests for the thumbnail verification code in GIO
This code was added for use by the G_FILE_ATTRIBUTE_THUMBNAIL_IS_VALID
file attribute, but may end up being used elsewhere (e.g. in GVfs) as well.
As it’s dealing with untrusted external files, and the non-trivial PNG file
format, this commit adds several test cases to cover valid and invalid PNG
files.

The security model for the thumbnail verification code is that the user’s
cache directory is untrusted, and potentially any PNG file which is passed
to the verifier has been manipulated arbitrarily by an attacker.

This is a follow-up to commit fe7069749f.

https://bugzilla.gnome.org/show_bug.cgi?id=709898
2013-10-24 13:55:33 -04:00
Colin Walters
ed6ca39d3b Revert "Use g_return_val_if_fail() for developer-only messages"
This reverts commit 00f0795a84.

https://bugzilla.gnome.org/show_bug.cgi?id=569017
2013-10-24 09:53:55 -04:00
Jiro Matsuzawa
d5e2a57741 gsettings-tool: Add --version into general usage
https://bugzilla.gnome.org/show_bug.cgi?id=707002
2013-10-24 09:53:55 -04:00
Ryan Lortie
6568843624 GSettings: verify path validity on constructors
Don't allow constructing GSettings objects with invalid paths.

https://bugzilla.gnome.org/show_bug.cgi?id=704802
2013-10-24 09:53:55 -04:00
Olivier Brunel
0a7d1084a5 gthemedicon: Fallback to non-symbolic icons
When doing fallback for symbolic icons, we first shorten the name at dashes
while preserving the -symbolic suffix. But after exhausting that, we should also
try stripping the suffix.

See https://bugzilla.gnome.org/show_bug.cgi?id=708163

Signed-off-by: Olivier Brunel <jjk@jjacky.com>

https://bugzilla.gnome.org/show_bug.cgi?id=710254
2013-10-24 08:09:48 -04:00
Philip Withnall
856d901569 gdbus: Ensure message matching always succeeds against path_namespace='/'
This copies the fix from upstream D-Bus bug
https://bugs.freedesktop.org/show_bug.cgi?id=70799 to the GDBusDaemon
implementation, ensuring that matching against path_namespace='/' succeeds
for all keys (i.e. it’s a no-op).

https://bugzilla.gnome.org/show_bug.cgi?id=710726
2013-10-23 20:55:00 +01:00
Ryan Lortie
fe7069749f file-info: Add a G_FILE_ATTRIBUTE_THUMBNAIL_IS_VALID attribute
This indicates whether the thumbnail (given by G_FILE_ATTRIBUTE_THUMBNAIL_PATH)
is valid — i.e. to represent the file in its current state. If
G_FILE_ATTRIBUTE_THUMBNAIL_IS_VALID is FALSE (for a normal _or_ failed
thumbnail) it means the file has changed since the thumbnail was generated, and
the thumbnail is out of date.

Part of checking thumbnail validity (by the spec) involves parsing
headers out of the thumbnail .png so we include some (small) code to do
that in a separate file.  We will likely want to copy this code to gvfs
to do the same for GVfsFile.

Heavily based on a patch from Philip Withnall <philip.withnall@collabora.co.uk>
who suggested the feature and designed the API.

https://bugzilla.gnome.org/show_bug.cgi?id=709898
2013-10-23 11:56:28 -04:00
Ryan Lortie
38dc8d4cd3 GMemoryOutputStream: docs and whitespace fixes
Document the difference between resizable and fixed-sized streams,
particularly with regards to sizing and seeking.

https://bugzilla.gnome.org/show_bug.cgi?id=684842
2013-10-23 11:32:13 -04:00
Ryan Lortie
1d1c17d9ee GMemoryOutputStream: improve seek tests
Improve test coverage for testing seeking on fixed vs. resizable
GMemoryOutputStream.

https://bugzilla.gnome.org/show_bug.cgi?id=684842
2013-10-23 11:32:13 -04:00
Ryan Lortie
fdc5cd8d9f Change semantics of seek on memory output stream
It is our intention that memory output streams should operate in two
distinct modes, depending on if a realloc function was provided or not.

In the case that we have a realloc function (resizable mode), we want
the stream to behave as if it were a file that started out empty.  In
the case that we don't have a realloc function (fixed-sized mode), we
want the stream to behave as a block device would.

To this end, we introduce two changes in functionality:

 - seeking to SEEK_END on a resizable stream will now seek to the end of
   the valid data region, not to the end of the allocated memory (which
   is really just an implementation detail)

 - seeks past the end of the allocated memory size are now permitted,
   but only on resizable streams.  The next write will grow the buffer
   (inserting zeros between).

Some tweaks to testcases were required in order not to break the build,
which indicates that this is an API break, but it seems unlikely that
anyone will be effected by these changes 'in the real world'.

Updates to documentation and further testcases are in following commits.

Based on a patch from Maciej Piechotka <uzytkownik2@gmail.com>.

https://bugzilla.gnome.org/show_bug.cgi?id=684842
2013-10-23 11:31:27 -04:00
Ryan Lortie
38ef509cf3 GSeekable: document seek-past-end semantics
Introduce the concept of "fixed" vs. "resizable" streams and document
how g_seekable_seek() works for each case.

We don't include g_seekable_is_fixed_size() at this point because we
don't know if anyone would require it.  This may appear in the future if
someone asks for it, however.

https://bugzilla.gnome.org/show_bug.cgi?id=684842
2013-10-23 11:19:27 -04:00
Philip Withnall
3b28df1e00 gdbus: Work around a D-Bus bug with path_namespace='/' match rules
D-Bus versions < 1.6.18 (i.e. all current versions) have a bug with the
path_namespace='/' match rule key. It should conceptually match everything,
but actually matches nothing. This results in no property change (or other)
signals being forwarded to the D-Bus client.

The work-around implemented in GDBusObjectManagerClient is to remove the
path_namespace match key if its value is ‘/’.

For the upstream D-Bus bug, see:
https://bugs.freedesktop.org/show_bug.cgi?id=70799

https://bugzilla.gnome.org/show_bug.cgi?id=710726
2013-10-23 15:36:23 +01:00
Matthias Clasen
a7bd6c47db Clarify the g_application_withdraw_notification docs
Mention that notifications are dismissed when activated.
2013-10-21 18:46:48 -04:00
Ryan Lortie
1f0e69f734 Don't build gapplication(1) on win32
It's pretty closely tied to desktop files...
2013-10-21 15:24:55 -04:00
Ryan Lortie
358588ed2a GSubprocess win32 fixups
Note: we go out of our way not to pass a child setup function on win32
(even if it does nothing) because we get a g_warning() from gspawn if we
do so.
2013-10-21 15:24:55 -04:00
Colin Walters
b21c86b6a0 GNotification: Don't install private headers, avoid duplicated prototype
These both break gobject-introspection's build, and moreover are
things we don't want to do anyways.
2013-10-21 15:05:45 -04:00
Ryan Lortie
6957004007 GNotification: finish documentation
Add the missing documentation and add the section to the GIO reference
docs.  Fix up a few small documentation issues.

https://bugzilla.gnome.org/show_bug.cgi?id=688492
2013-10-21 14:30:30 -04:00
Ryan Lortie
51fac60a92 GNotification: some final cleanups
Move a method from GNotificationBackend into the fdo backend (since it
was only used from here).  Remove the accessors for the already-public
(in private header) ->dbus_connect and ->application on
GNotificationBackend.

https://bugzilla.gnome.org/show_bug.cgi?id=688492
2013-10-21 14:30:30 -04:00
Lars Uebernickel
766f5584ce Add gtk notification backend
https://bugzilla.gnome.org/show_bug.cgi?id=688492
2013-10-21 14:30:26 -04:00
Lars Uebernickel
639bd3626b Add GNotification
https://bugzilla.gnome.org/show_bug.cgi?id=688492
2013-10-21 14:30:26 -04:00
Djalal Harouni
d308ede491 gio/gbufferedinputstream: fix redundant-decls of g_buffered_input_stream_finalize()
g_buffered_input_stream_finalize() is already declared as static in this
gbufferedinputstream.c file, so just remove the redundant declaration.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>

https://bugzilla.gnome.org/show_bug.cgi?id=710345
2013-10-19 12:18:55 -04:00
Matthias Clasen
c848323948 Fix up subprocess docs
The GSubprocessLauncher docs had their own long description,
but were not properly set up as their own section.
2013-10-17 20:55:53 -04:00
Matthias Clasen
8520c9cdf4 Add some missing argument docs 2013-10-17 20:37:57 -04:00
Colin Walters
ebd098155b tests/gsubprocess: Locate test child binary for installed tests too
Just use the new g_test_build_filename() rather than assuming
it's in cwd.
2013-10-17 22:39:48 +01:00
Ihar Hrachyshka
00f0795a84 Use g_return_val_if_fail() for developer-only messages
Replaced several usages of GError with g_return_val_if_fail() for
developer-only messages. As additional value, it also removes those
messages from the list to translate, simplifying translator's work a
bit.

https://bugzilla.gnome.org/show_bug.cgi?id=569017
2013-10-17 15:11:51 -04:00
Ryan Lortie
542ad4db03 Fixup GSubprocess documentation bits 2013-10-17 15:01:42 -04:00
Colin Walters
9318d5a429 gsubprocess: Add UTF-8 variants of communicate()
Over many years of writing code interacting with subprocesses, a pattern
that comes up a lot is to run a child and get its output as UTF-8, to
put inside a JSON document or render in a GtkTextBuffer, etc.

It's very important to validate at the boundaries, and not say deep
inside Pango.

We could do this a bit more efficiently if done in a streaming fashion,
but realistically this should be OK for now.
2013-10-17 14:32:44 -04:00
Colin Walters
0e1a3ee345 gsubprocess: Fix up communicate
We weren't closing the streams after we were done reading or writing,
which is kind of essential.  The easy way to fix this is to just use
g_output_stream_splice() to a GMemoryOutputStream rather than
hand-rolling it.  This results in a substantial reduction of code
complexity.

A second serious issue is that we were marking the task as complete when
the process exits, but that's racy - there could still be data to read
from stdout.  Fix this by just refcounting outstanding operations.

This code, not surprisingly, looks a lot like the "multi" test.

Next, because processes output binary data, I'd be forced to annotate
the char*/length pairs as (array) (element-type uint8).  But rather than
doing that, it's *far* simpler to just use GBytes.

We need a version of this that actually validates as UTF-8, that will be
in the next patch.
2013-10-17 14:32:44 -04:00
Colin Walters
5b48dc40cc GSubprocess: New class for spawning child processes
There are a number of nice things this class brings:

0) Has a race-free termination API on all platforms (on UNIX, calls to
   kill() and waitpid() are coordinated as not to cause problems).
1) Operates in terms of G{Input,Output}Stream, not file descriptors
2) Standard GIO-style async API for wait() with cancellation
3) Makes some simple cases easy, like synchronously spawning a
   process with an argument list
4) Makes hard cases possible, like asynchronously running a process
   with stdout/stderr merged, output directly to a file path

Much rewriting and code review from Ryan Lortie <desrt@desrt.ca>

https://bugzilla.gnome.org/show_bug.cgi?id=672102
2013-10-17 14:32:44 -04:00
Colin Walters
c515c3ed11 gio: Add private API to create win32 streams from fds
This will be used by GSubprocess.

https://bugzilla.gnome.org/show_bug.cgi?id=672102
2013-10-17 14:27:07 -04:00
Jasper St. Pierre
a2f6f0d2f6 gtask: Fix invalid name in documentation 2013-10-17 13:04:06 -04:00
Ryan Lortie
9defb6b1b1 New gapplication(1) tool
This is essentially a commandline implementation of the client-side of
the org.freedesktop.Application D-Bus interface.

It includes support for tab-completion based on desktop files and their
contents.

https://bugzilla.gnome.org/show_bug.cgi?id=704218
2013-10-17 10:12:27 -04:00
Ryan Lortie
4e1e36a7f0 Revert "gapplication: don't rely on cmdline being finalized immediately"
This reverts commit c5748328be.
2013-10-17 08:22:11 -04:00
Cosimo Cecchi
c5748328be gapplication: don't rely on cmdline being finalized immediately
The GApplicationCommandLine DBus implementation currently calls
g_dbus_method_invocation_return_value() in its finalize() implementation
only, relying on the object being destroyed after g_object_unref() is
called on it inside g_application_impl_method_call().

While this is usually fine for C applications, when overriding the
command_line vfunc from language bindings, the binding might add extra
references to the object, which might not be released immediately - e.g.
because they're garbage collected, or possibly even leaked. The same
scenario could happen in a C application that decides to keep a
reference to the passed-in GApplicationCommandLine object.

To ensure the CommandLine DBus method always gets a reply after the
invocation of command_line in the primary instance, explicitly send the
message back before dropping our reference to the object.

https://bugzilla.gnome.org/show_bug.cgi?id=708042
2013-10-16 23:06:13 -04:00
Colin Walters
be2656f139 g_file_copy: Fall back to pathname queryinfo to help gvfs backends
It's not difficult to do; not all backends implement it, and for some
it may be difficult to implement query_info_on_read(), so let's just
do both.

https://bugzilla.gnome.org/show_bug.cgi?id=706254
2013-10-16 13:33:14 -04:00
Colin Walters
e2d5282636 GMemoryOutputStream: Don't return -1 as a gboolean in precondition
Since it could confuse callers (admittedly who are already violating
a precondition).

Just spotted while adapting some bits of this code for a ssh library.
2013-10-08 12:19:11 -04:00
Kalev Lember
be7f40185f xdgmime: Fix an invalid read
This commit factors out a function for comparing string suffixes, and at
the same time makes it safe for mime types that are shorter than the
"/*" suffix.

==25418== Invalid read of size 1
==25418==    at 0x3C6D0F9D22: __gio_xdg_cache_mime_type_subclass (xdgmimecache.c:848)
==25418==    by 0x3C6D09ED8C: g_content_type_is_a (gcontenttype.c:158)
==25418==    by 0x34D8031E95: gtk_recent_filter_filter (gtkrecentfilter.c:733)
==25418==    by 0x34D802F167: _gtk_recent_chooser_get_items (gtkrecentchooserutils.c:387)
==25418==    by 0x34D802D07F: idle_populate_func (gtkrecentchoosermenu.c:1011)
==25418==    by 0x34D7A20477: gdk_threads_dispatch (gdk.c:804)
==25418==    by 0x3C6C0492F5: g_main_context_dispatch (gmain.c:3065)
==25418==    by 0x3C6C049677: g_main_context_iterate.isra.23 (gmain.c:3712)
==25418==    by 0x3C6C04972B: g_main_context_iteration (gmain.c:3773)
==25418==    by 0x34D7FC2AF4: gtk_main_iteration (gtkmain.c:1262)
==25418==    by 0x408EB4: main (in /usr/bin/glade)

https://bugzilla.gnome.org/show_bug.cgi?id=708529
2013-10-04 22:08:36 +02:00
Ryan Lortie
e0ffd5c184 appinfo: Don't try DBusActivatable with load_from_keyfile
We can't get the name of the filename, so we can't determine the application
ID.  We'll have to fallback on Exec= for this case.

https://bugzilla.gnome.org/show_bug.cgi?id=709326
2013-10-04 12:19:03 -04:00
Dan Winship
5a269e5a90 gcredentials: add Solaris support
Based on patches from Igor Pashev.

https://bugzilla.gnome.org/show_bug.cgi?id=705029
2013-10-04 09:51:31 -04:00
Dan Winship
66edac7fb9 gcredentials: add Hurd support
It uses the same system as FreeBSD.

https://bugzilla.gnome.org/show_bug.cgi?id=708265
2013-10-04 09:51:31 -04:00
Dan Winship
cedd697bf8 gcredentials: add internal macros to simplify all the #ifdefs
Rather than having lots of obscure platform-based #ifdefs all over
gio, define some macros in gcredentialsprivate.h, and use those to
simplify the rest of the code.

https://bugzilla.gnome.org/show_bug.cgi?id=701482
2013-10-04 09:51:31 -04:00
Giovanni Campagna
32d2539295 GDBusProxy: add flag to control autostarting at construction time
Sometimes the application doesn't want to autostart a service
when it creates a proxy, but wants the service autostarted when
it makes the first method call. Allow that behavior with a new
flag.

https://bugzilla.gnome.org/show_bug.cgi?id=708828
2013-10-04 02:38:17 +02:00
Ryan Lortie
c8e1dbb106 gdesktopappinfo: Large-scale whitespace fixup
Fix up a lot of whitespace issues in this file since we're about to do
some pretty serious rewriting here anyway...

Add some fold markers while we're at it.
2013-10-03 10:40:25 -04:00
Ryan Lortie
b0601e7558 gdesktopappinfo: rework search path
Change the search path to be a global array of 'DesktopFileDir' structures and
change the 'get' function to an 'ensure' function.

This is just a straight-up refactor.  Future patches will expand the
DesktopFileDir structure.
2013-10-03 10:40:25 -04:00
Ryan Lortie
5e59ab8e8c gdesktopappinfo: remove global_defaults_cache
...and some related functions.

This variable is also used for nothing at all.
2013-10-03 10:40:25 -04:00
Ryan Lortie
b95ef4aad4 gdesktopappinfo: remove should_ping_mime_monitor
This variable is used for nothing...
2013-10-03 10:40:25 -04:00
Ryan Lortie
33762a4173 glocalfile: add private worker monitor APIs
Add a convenient and race-free method of watching local files from the
GLib worker thread.

Without this, the race-free way to create a monitor that dispatches
events to the worker thread looked something like this:

 - dispatch an idle to the worker thread
 - from the idle, create the monitor and connect signals
 - from the original thread, wait (on a cond?) until the worker thread
   has finished setting up the monitor
 - read the file that you were monitoring

which is just ridiculously complicated...

To use the new API:

  monitor = g_local_file_monitor_new_in_worker ("/path/to/some/file",
                                                G_FILE_MONITOR_NONE,
                                                &error);
  g_assert_no_error (error);

  g_signal_connect (monitor, "changed", G_CALLBACK (callback), NULL);

  g_local_file_monitor_start (monitor);

'callback' will run from the GLib worker thread.

This is the reason that the start() call was introduced in the previous
commit.  The backends that don't use the start() call will have a very
thin race between creating the monitor and connecting the signal, but
hopefully they will be fixed soon.

These new APIs will be used (at least) from gdesktopappinfo to watch for
changes in the desktop file directories.

https://bugzilla.gnome.org/show_bug.cgi?id=704887
2013-10-03 10:37:47 -04:00
Ryan Lortie
5409d7827e GFileMonitor: support specifying a context
Add a new "context" construct-only property to allow explicitly
specifying the context in which events should be dispatched.

https://bugzilla.gnome.org/show_bug.cgi?id=704887
2013-10-03 10:37:35 -04:00
Ryan Lortie
700677de51 inotify: stop using constructor()
and start using the new start() vcall on the local monitor classes.

I only port inotify because I am uncomfortable making changes to the
other monitor backends without having a way of testing them.

https://bugzilla.gnome.org/show_bug.cgi?id=704887
2013-10-03 10:37:30 -04:00
Ryan Lortie
b050dc3c0a local monitors: make more idiomatic use of GObject
Stop abusing constructor() to do startup work, adding _start() calls
instead.

The backends themselves still use constructor() although a patch will be
following to also fix inotify.

The reason for using a separate start() call instead of constructed()
will become apparent in future commits.

https://bugzilla.gnome.org/show_bug.cgi?id=704887
2013-10-03 10:37:19 -04:00